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This is our second year at the new event space and 
we have made chanqes since last year to try and 
improve the flow. There is a new “Communities” 
cateqory to be a better way to organize qroups 
that don't easily fit the existinq Villaqe, Contest, 

or Event categories. We split the Vendor area in 
two movinq those without a hacker product to sell 
into a new exhibitor space. The money we earn 
from them goes directly to support parties with ten 
percent supporting selected non-profits. Finally we 
have introduced a “War Stories” track for talks that 
are not appropriate for the main stage but are still 
valuable. Who doesn't like a good hacker war story? 


This past year we saw Twitter become dysfunctional 
and in response we started DEFCON.social, a 
modified Mastodon server we self host where we 
enforce our Code of Conduct. It is an alternative 
where you can explore social media with no 
advertising or targeting algorithms. We also operate 
the DEF CON Forums, and our Discord server. 

There is a saying that all problems at scale are 
moderation problems, and this year has been the 
year of moderators defending their turf. Thank you! 
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Over the years I have written that hackers need 
to have a seat at the policy table as technology 
becomes more complicated and important. 
Hackers see things differently than industry trade 
groups, lobbyists, and rent seeking commercial 
entities. We need to continue to embrace our role 
of representing civil society and speaking truth 
to power. For those interested this year we have 
increased the opportunities to engage with policy 
makers and those that support them. They are as 
interested in us as we are them. 


Looking forward I see a bright future for hackers 
and our different DEF CON communities. Not just 
because AI has entered the chat, but because the 
vibrant growth in distributed system alternatives to 
centralized systems, an increase in socially aware 
projects, and more determination to try and fix core 
problems driven by governments. This mix of tech 
optimism, uncertainty, regulation, self awareness 
and money means there is opportunity to make 
change and I am here for it. 
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sites, online-banking, the twitterz AND, especially 
your windows domains (yeah, it keeps happening) 


| to connect to the hacker conference network. 
DEF CON 31! Here we aie, aute, ME and another Make something up, be creative and funny. For 
DEF CON eh, The NOC is still delivering the best 


| updated information and instructions on how to 
questionable zero-trust network access throughout connect to the Wi-Fi with the nOt-s0-1337 Operating 
the Caesars Forums (not to be confused with the 


3 Systems along with the link to download the digital 
iesu Эш at Caesars): Flamingo: LIST certificate to be used, visit: https://wifireg.defcon. 
Harrah's conference floors. паа Learning, org. And if you don't know how to properly configure 
Updated AI optimization, shift-left, IPv7 and Malórt the Wi-Fiz on your üb3r-1537 linux distro, you should 
Сапаш gu шї L e emel et e unc Dy consider a new platform. For NOC updates visit 
ing ue wenu gh esa ute https://noc.defcon.org , and also follow us on 
twitter @DEFCON_NOC.Peace, love, maple syrup and 
taco grease! 


THE BADGE 
I ITIIGIIIIIG 


Aperiodically, DEF CON releases a non-electronic 
badge. DEF CON 51 is one of those years, and it 
called for some unique interaction. 


The Penrose tile is loved by mathematicians, 
physicists, and art nerds alike. The tiles consist of 
two different rhombi, that can be tiled endlessly, i 
without the pattern ever Крй. : A Г | 
In physical space, the badges nod os i order to connect to Wi-Fi? 
to our ability to connect, and create broad 
Remember there are three (and no more than 

and infinitely unique communities. Online, we zoom out a bit, three) official ESSIDs you should use to HACK THE DCIVRETURH! = 
and are able to visualize our impact as a living, growing mosaic. — - PLANETI: 

- You'll find a url on the back of your badge to join in on this visualization, Т 
plus some clues in other places. Diamond patterns are rich with ^ — == = е Me encrypted one Re BUS authentication and DEF CON will be televised! Visit 
history in many cultures, and І urge you ipixivsmrs. digital certificate veria Deon https: det de cono 


Now to the important stuff, what should you do in 


The (other, yet legit) encrypted one with 802.1X 


authentication and digital certificate verification. for the latest info including hotels, channels, and 


The badges also house a small chamber, made specifically for customizatio 


You'll find a stock insert in your badge pack, but you can switch this out But also, with some shiny МРАЗ benefits: DefCon- — — limited streaming. 
your own creation, and swap with others. If you missed the pre-release WPAS 
specs of the chamber, don't worry, there's plenty of ways to customize SI SA. And the original, unencrypted, stick-shift, no ABS, 
that don't involve whole a PCB run. rm excited to see what ya'll create! wildest езгеге сс Pi BERE 
: < b. Open 


- Overall, I wanted the badges to feel tactile and ` 


- Cyberpunky, with a hint of playful nostalgia. 1 want to “Choice. he prone M 


д Мұ . remind us of where we've been, but instill hope for the Wi-Fi and 802.1X authentication have had a pretty А! DC 51 Content is HERE 
AM AS > Z ў paths we can carve together, if we remain mindful of our good relationship in the past few years. And, believe https://10.0.0.16/ 
histories. My inspiration for the design was to try to or not, we test stuff before we go onsite. But things 
capture our first playful reaches into the digital world. ` ae aoe wee me Er pu à or 
The ridges of a Nintendo cartridge, a certain movie ош tiere па Q UR E СЯ 
9 g authentication. https://dc51-media 


hacker's jacket, and isolinear chips from Star Trek. | 
hope people are as drawn to interact with these objects Important 802.1X fact: By configuring 802.1X 


as I was Creating them. and choosing for your device to “not verify server 
Зы certificate” will probably not only let that device 
Have fun and happy hacking! connect to one of the Humare of rogue access 
: points on the show floor but will also send your 
ó E ERA login credentials to a rogue radius server. Despite 
| - Mar Williams - technology advancements, this is still no bueno and 
DEF CON Artist defeats the whole purpose of this authentication — 


Giant thanks for contributions by: method. 
Бопе Керо. And the usual Guy Fieri special (пом ир, 
Nutmeg Anne, Edison, a Canadian bacon upgrade) : Be an advo: 
pOlr & Will Tuttle cyber common sense™, and do not, 


More info at spux. art NOT choose the same credentials 
and password) used for stuff th 


COC/HOTLINE 


Conference staff will be happy to help participants 
contact hotel security, local law enforcement, or 
otherwise assist those experiencing harassment to 
feel safe for the duration of DEF CON. 


Remember: The CON is what you make of it, and as 


a community we can create a great experience for 
Last updated 5.6.15 everyone. 


DEF CON provides a forum for open discussion 
between participants, where radical viewpoints 

are welcome and a high degree of skepticism is 
expected. However, insulting or harassing other 
participants is unacceptable. We want DEF CON to 
be a safe and productive environment for everyone. 
It’s not about what you look like but what's in your 
mind and how you present yourself that counts at 
DEF CON. 


- The Dark Tangent 
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We do not condone harassment against any Re x от L і М E 
participant, for any reason. Harassment includes 
deliberate intimidation and targeting individuals 


in a manner that makes them feel uncomfortable, 
unwelcome, or afraid. 


725-222-0934 
TExT oR CALL 


Participants asked to stop any harassing behavior 
are expected to comply immediately. We reserve 

the right to respond to harassment in the manner 
we deem appropriate, including but not limited to 
expulsion without refund and referral to the relevant 
authorities. 


This Code of Conduct applies to everyone 


exhibitors to speakers, press, volunteers, and Goons. DEF СОМ SUPPORT HOTLINE — 


participating at DEF CON - from attendees and 


Anyone can report harassment. If you are Sometimes you may not want to contact a Goon at 
at DEF CON and are being harassed, notice the NFO booth or walking around in person with a 
that someone else is being harassed, or have problem, and for the second year in a row we have a 
any other concerns, you can let us know by phone option to tell us about concerns. 

contacting any Goon, registration desk, or 

NFO booth, as well as by calling or texting the You can reach DEF CON staff during normal hours of 
hotline at 725-222-0934. As a reminder, you operation (8am to 4am) to anonymously report any 
can also contact the hotline during the con behavior violating our code of conduct or to find an 
if you just need someone supportive to talk empathic ear by calling +1 (725) 222-0954. 

to. You can also file a report year-round by 
contacting safety? defcon.org. We encourage 
individuals to report CoC violations as soon as 
they're able to so we can begin our investigation 
before evidence is lost or destroyed, but it's 
never too late to make a report. 


For relevant issues, we are collaborating with several 
organizations including Kick at Darkness, The Rape 
Crisis Center Las Vegas, and the Nevada Coalition to 
End Domestic and Sexual Violence to provide expert 
resources for survivors, including dedicated support 
for LGBTQ+. 


GOONS 


DEF CON Goons are the 
electrons that enable the 
conference to run, and 
should you have a question 
or need help they are there 
for you. Here are some goon 
facts: 


DEF CON 51 Goons should 
all have visible patches with 
their nickname on them so 
it is easier to remember who 
you talk to about what. 


Goons are in one of two 
states, either ON duty or OFF 
duty. 


If they are ON DUTY they will 
be wearing a current year, 
red, DEF CON 51 Goon shirt, 
a current year Goon badge, 
and a name patch. 


If Goons are OFF DUTY they 
will not be wearing the red 
Goon shirt, but may still have 
a Goon badge on so they 
can still access the meeting 
spaces. 


Goons ON DUTY are not 
supposed to drink alcohol. 


Goons OFF DUTY have been 
known to drink alcohol. 


PAST Goons may seen 
wearing previous red shirts or 
badges as they helped run a 
past DEF CON, but that DOES 
NOT make them a current 
DEF CON 51 Goon. 


Please use the name patch 
if you have any feedback 
on Goons, good or bad. 
Feedback can be sent to 
feedback@defcon.org 


Goons Goon for many 
reasons, but the pay isn't 
one of them. They put in 
long hours and many weeks 
or months of planning and 
take time off work to make 
the con happen for everyone. 
Please feel free to ask them 
questions if you have any 
desire to join the ranks at a 
future Con. 


Goon Name 


GOON 


be yourself. DEF CON would like to 


Я 'eople, do 


pre-package what makes DEF CON мї 


get out ше omethi 


С ПЕРСОН KIDS MEETUP 


Thursday 14:00 - 16:00 at Chillout Lounge, Forum 129 


Come meet with other like minded kids and get ready for a 
weekend of hacking all the things! This is your opportunity 
to make friends with other kids & teens, maybe even find a 
partner to compete in a contest with! 


Difficulty: 1 


Thursday, 15:00- 21:00 at Coordinates (36.0636, -115.1178) 


Event Description Page 49, Toxic BBQ is Kid Friendly and 
Welcoming. In fact, our marketing captain is 16! As with 
anything DEFCON, caveat parentum 


If you are ok bringing and minding your kids to a backyard 
cookout, they'll be fine here. While we don't have kid-specific 
programming or events, it's at a park. 


We reserve the right to bribe them with swag to help out, and 
we may try to feed them Octopus jerky. 


Difficulty: 1 


Friday & Saturday 10:00 - 18:00 at Blacks in Cyber (B.I.C.) Village, Alliance 
301-303 

A set of 5 - 10 Capture The Flag style challenges hosted to 
provide kids, teenagers & beginners with an appropriate set 
of challenges to explore and work through. The BIC CTF team 
members will demonstrate skills and present solves to the 
community virtually or in-person to allow attendees to learn 
and ask questions. 


Difficulty: 2 


Friday & Saturday 10:00 - 18:00 at Contest Area, Summit Ballroom 


Contest Description on Page 59, Kids are welcome, the first 
year Dungeons @ DEF CON ran, two kids with the help of their 
fathers won a black badge. 


Difficulty: 1 


Friday & Saturday 10:00 - 18:00, Sunday 10:00 - 12:00 at Flamingo, Twilight 
Ballroom 

Village Description Page 27, we will have space for kids 
activities. 


Difficulty: 2 


Friday & Saturday 10:00 - 18:00, Sunday 10:00 - 14:00 at HHV&SSV, Forum 
Alliance 311 

Village Description on Page 24, Solder Skills always has had 
kids and we make sure to have goodies and fun projects 

with individual attention for them. Hardware hacking isn’t 

age restricted either but not all events and challenges will 
make sense for all ages (though with the right interest it is a 
playground). RoboSumo (typically held in HHV) is a great event 
for all ages. 


Difficulty: 2 
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Friday & Saturday 10:00 - 18:00, Sunday 10:00 - 14:00 at LPV & TEV, Ling 5th 
Floor BLOQ 


Village Description on Page 25, a popular spot for new lock 
pickers! Highly recommended you stop by. The Lockpick 
Village is always kid friendly and welcomes folks of all ages. 
We do require that the parents stay with the kids. 


Difficulty: 2 


Friday & Saturday 10:00 - 18:00, Sunday 10:00 - 14:00 at Packet Hacking 
Village, Academy 413 

Village Description on Page 22 -25, PHV had a ton of kids play 
HardWired last year (learn how to make a cat5 cable & then 
make one in a timed challenge). 


Difficulty: 2 


Friday & Saturday 10:00 - 18:00, Sunday 10:00 - 14:00 at Contest Area, 
Summit Ballroom 

Password Village is kid friendly, We have had kids come by and 
crack some passwords in the past and would like to see more 
in the future. 


Difficulty: 2 


Friday & Saturday 10:00 - 18:00, Sunday 10:00 - 14:00 at Flamingo, Carson 
City Ballroom 


Village Description on Page 26, kid friendly! We don’t have 
separate, kid-specific stuff, but kids always have.a fun time 
when they come by and get to learn a lot of new stuff! 


Difficulty: 2 


Friday & Saturday 10:00 - 18:00, Sunday 10:00 - 14:00 at Ling, Evolution 


Village Description Page 30; hands on activities and kids 
challenges. 


Difficulty: 2 


Friday & Saturday-10:00 - 18:00, Sunday 10:00 - 14:00 at Flamingo, Savoy 
Ballroom 

Village Description on Page 18, kid-friendly in the sense that 
we keep things PG-15. We have a CTF that teens can play and 
contribute to. 


Difficulty: 3 


Friday & Saturday 10:00 - 18:00, Sunday 10:00 to 12:00 at Contest Area, 
Summit Ballroom 


Contest Description on Page 39, rated PG-13. 
Difficulty: 2 


Friday & Saturday, 08:30 - 17:30, Sunday 10:00 - 11:00 at Social Engineering 
Community Village, Ling, Social A 


Contest Description on Page-47, SE Community is kid friendly. 
We have a dedicated Youth Challenge :D 


Difficulty: 2 


aa 


DIFFICULTY RATINGS 


3- Bring 
adults bu 


Friday 10:00 - 18:00 at Contest Area, Summit Ballroom 


Contest Description on Page 55, we will have a set of driving 
wheels and games that can be played by kids. 


Difficulty: 3 


Friday 10:00 - 18:00 (open play), Saturday 10:00 - 18:00 ( Contest) at Contest 
Area, Summit Ballroom 


Contest Description on Page 41, kid friendly as long as they 
want to play a 16 year old FPS. 


Difficulty: 1 


Friday 10:00-14:00 at Contest Area, Summit Ballroom 


Contest Description on Page 47, We have soda for under 21 
participants. 


Difficulty: 2 


Friday 18:00 - 19:00 at Contest Area, Summit Ballroom 


Come sing Hacker Karaoke! Its just like normal Karaoke, but 
with 110% more root shellz. 


Difficulty: 1 


Friday and Saturday 10:00 - 14:00, Sunday 10:00-12:00 at Contest Area, 
Summit Ballroom 

Contest Description on Page 45, Octopus Game is back for a 
second year! This contest is a battle royale style competition 
where fun and friendship is the goal. 


Difficulty: 1 


Friday and Saturday 10:00 - 16:30 pm (Contest shut down overnight), Sunday: 
10: 00 - 12:00 (Contest ends at noon, and contest results to contests hy 
13:00) at Contest Area, Summit Ballroom 

Contest Description Page 57, The Darknet-NG contest is 90% 
kid friendly. 


Difficulty: 2 


Friday and Saturday 10:00 - 18:00, Sunday 10:00 - 14:00 at Bio Hacking Village, 
Flamingo, Laughlin Ballroom 


Village Description on Page 19, We will be having a paint with 
agar (petri dish) that’s kid friendly. 


Difficulty: 2 


Friday and Saturday 10:00-18:00 at Contest Area, Summit Ballroom 


Contest Description on Page 39, stop by for kid friendly 
content! 


Difficulty: 2 


Friday and Saturday 10:00-18:00 at Contest Area, Summit Ballroom 


Contest Description on Page 48, our big winner last year was 
12 years old! 


Difficulty: 1 


Friday and Saturday 10:00-18:00, Sunday: 10:00-12:00 at Flamingo, Vista 
Ballroom 


Village Description Page 20-21, Welcoming enviroment to all, 
kids can come by for a Junior Cryptographer puzzle sheet. 


Difficulty: 1 


1- No tech skills required. 
2 - Some tech skills required, but will be taught. 


our tech skills with and/or created for entry level 
nothing is stopping a kid from participating. 


Friday and Saturday 10:00-18:00, Sunday: 10:00-12:00 at Contest Area, Summit 
Ballroom 

Contest Description Page 38-39, The scavenger hunt list is 
open to interpretation and we are not responsible for how list 
items are interpreted. We have had a number of pre-teens and 
teenagers play the scavenger hunt over the years, primarily 
with their parents but occasionally alone. The team that won 
at DC24 included a teenager with their parents. Parental 
Guidance Recommended. 


Difficulty: 1 


Friday and Saturday 10:00-18:00, Sunday: 10:00-12:00 at Contest Area, Summit 
Ballroom 

Contest Description on Page 44, We have had many kids 
participate and complete the contest over the years... and 
they've all had a blast doing so. 


Difficulty: 2 


Friday and Saturday 10:00-18:00, Sunday: 10:00-12:00 at Contest Area, Summit 
Ballroom 


Contest Description on Page 47, rated PG-13. It's a level of 
challenge that is probably most suited to high school students 
and up, but anyone can play and we try to make it fun even if 


you're not competitive to win. :) 
Difficulty: 1 


Friday and Saturday 10:00-18:00, Sunday: 10:00-12:00 at Contest Area, Summit 
Ballroom 


Contest Description on Page 48, all ages welcome. Two kids in 
a trench coat might make a convincing DT look alike! 


Difficulty: 1 


Friday and Saturday 10:00-18:00, Sunday: 10:00-12:00 at Contest Area, Summit 
Ballroom 

Contest Description on Page 48, The CPV and Goldbug contest 
are always kid friendly. We will have "junior cryptographer" 
puzzle sheet hand outs for kids and those new to the field. 


Difficulty: 3 


Friday and Saturday, 14:00 - 16:00, Signup to walk the Contest Stage/Runway 
15:30-16:30, Stage show 17:00 - 18:00 at Contest Area, Summit Ballroom 


Contest Description on Page 40, is for all ages but no kid 
specific category. 


Difficulty: 1 


Saturday 1400 - 1500 at Summit Ballroom 

Kids free play chess for an hour before the main chess 
tournament ( also kid friendly). Kids open play is 14:00 to 
15:00 Saturday, forum contest area. The CHESS TOURNAMENT 
AT DEF CON description is on Page 58. 


Difficulty: 1 


Saturday, 18:30 - 22:00 at Forum 131-133 


Party with other DEF CON kids. Enjoy some arcade games, 
music, desserts & snacks, and get to hang out with other DEF 
CON kids! (Parents with Kids & Teens only) 


Difficulty: 1 


CAESARS FORUM 


SYN 


THURSDAY 

18:00 - 19:00 DUAL CORE 
19:00 - 20:00 NPC COLLECTIVE 
20:00 - 21:00 BOLONIUM 

21:00 - 22:00 THE ICARUS KID 
22:00 - 23:00 DRIES 

23:00 - 00:00 NINA LOWE 
00:00 - 01:00 PANKELDANK 
01:00 -02:00 DEEPBLUE 


FRIDAY 

18:00 - 19:00 

19:00 - 20:00 

20:00 - 21:00 

21:00 - 22:00 HECKSEVEN 

22:00 - 23:00 KRISZ KLINK 
23:00 - 00:00 GREAT SCOTT 
00:00 - 01:00 ZEBBLER ENCANTI 
01:00 - 02:00 TRIODE 


DEF CON Arts & Entertainment Presents: 
Yarrrrgh Pirate Night featuring O'Craven 
Join us Saturday night (Aug 12) at the SYN Stage 

in Caesars Forum for “Yarrrrgh Pirate Night", 

which is our answer to last year’s Night of the Ninjas. 

At 23:00, we feature the pirate rock band O’Craven. 
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The official DEF CON conference app 
Stay up to date during DEF CON 
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FORUM.DEFCON.ORG m manaa 
featured Attractions: 
SATURDAY 


MOON 2001: A SPACE ODYSSEY 
DARK STAR FORBIDDEN PLANET 


No matter what part of the DEF CON universe you're interested in, you 
should start at the DEF CON Forums. With a forum account you can reach 
out to a local DEF CON group, help us plan future events or even chat 
with other hackers. DEF CON's heart is its community, and the community 
meets at the DEF CON Forums. Join us! 


асса 


https://play.google.com/ 


store/apps/developer?id=DEF+CON+Communications,nc. 
апэзоо 


TUM 
— 


Z Download on the 
€ App Store 
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PARTIES & МЕЕТОР5 


GOTHCON 


Party at Forum 110,109,139) Friday, 21:00 ^ 02:00 


Back for their 6th year, GOTHCON welcomes everyone to 
come dance and stomp the night away with the theme 
"THE FUTURE IS #000000” on (DATE). Follow @dcgothcon 
on twitter for updates, lineup & location. All are welcome 
(except nazis), and dress however you want - whatever 
makes you the most comfortable and happy. Link on 
social: Twitter.com/dcgothcon 


ARCADE PARTY 


Party at Forum 105, 136, Saturday, 21:00 - 02:00 


The Arcade Party is back! Come play your favorite classic 
arcade games while jamming out to Keith Myers DJing. 
Your favorite custom built 16 player LED foosball table 
will be ready for some competitive games. This epic party, 
free for DEF CON 51 attendees to enjoy and play, is hosted 
by the Military Cyber Professionals Association (a tech ed 
charity) and friends. ArcadeParty.org 


VETCON 


Party at Forum 108, 110, 139, Saturday, 21:00 - 02:00 


Attention all Veterans, Cyber Warriors, Al buffs, and Skynet 
skeptics! VETCON is calling you to action! 


Join us on August 12, 2023, at Caesars Forum Rooms 
105,136 in Las Vegas for a mission of a different kind. 
Transition into the cyber frontline, network with comrades- 
in-arms, and engage in some good old military humor that 
even a drill sergeant can't resist! 


Navy, it’s after you've mistaken the hotel pool for the high 
seas. Marines, we'll see you post-crayon snack but pre- 
attempting to conquer the casino. Air Force, try to fit us in 
between your gourmet meals and five-star luxuries. Army, 
no amount of camouflage can hide your poker face! 


Coast Guard, be prepared to rescue any Navy personnel 
lost en route. And Space Force, we promise the gravity of 
the situation isn’t too intense. 


For our veterans and active-duty heroes looking to 
transition into cybersecurity, this is your chance to become 
the most unique people of the cyber world. For the general 
public, come meet the superstars ready to defend your 
cyberspace! 


This mission is all fun, games, and camaraderie until 
someone loses at poker. So, gear up, report for duty, and 
let's show AI how the military does humor! 


CULT OF THE DEAD COW 
BREAKS THE INTERNET 


Party at Forum 105, 136, Friday, 20:00 - 24:00 


CULT OF THE DEAD COW BREAKS THE INTERNET (and you 
can too!) 


What is dead shall rise again! Come do a hacktivism 
with cDc, as we launch a THING that will once again 
change the world, with the style and chaos that only the 
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herd can bring. Let us bless you with a revolutionary 
communications system that will disrupt the balance of 
power. 


It's time to TAKE BACK CONTROL. 


Recommended (but not required) dress code- y2k 31337 

Haxxor threads. Think Zero Cool and Acid Burn meet Max 
Headroom and Franken Gibe. There is no contest, but the 
Bovine Mother is watching, so make her proud. 


The herd hath spoken. Oomen. 


BLANKETFORT CON 


Party at Forum 130, Saturday, 19:00 = 04:00 


BlanketFort Con: Come for the chill vibes and diversity, 
stay for the Blanket Fort Building, Cool Lights, Music, and 
Kid Friendly\Safe environment. Now with less Gluten and 
more animal onesies! 


THE BIC LITUATION PARTY 


Party at Alliance 31302; 303, Friday,18:00 - 02:00 


The BIC Lituation Party is designed to have a night’s worth 
of different activities that DEF CON attendees are able to 
browse and fit into their DEF CON schedule for networking, 
knowledge sharing and fun! 


The event will break into three sections throughout the 
night: 


“Mild” 
6:00 pm - 8:00pm 
Networking - Light music, Food and Drinks 


“Medium” 
8:00pm - 10:00pm 
Nerdcore HipHop Showcase 


“Hot” 
10:00pm - Until (2:00 am) 
DJ Stage Set by DJ Roma of the DC Metro Area. 


HACKER FLAIRGROUNDS 


Meetup at Farum 115, Friday, 20:00-22:00 


Are you a flaming badge builder or just LED curious? 
Then you don't want to miss Hacker Flairgrounds, the 
ultimate gathering of hackers and blinking LEDs in Vegas. 
It's the place to be for badge folk, hardware hackers and 
makers who love the flashier side of DEF CON. Everyone is 
welcome. Show us your analog badge addons and flipper 
hacks! Come get inspired by the dazzling displays of 
creativity and skill. 


Ghakrflairgmds | @hackerflairgrounds@defcon.social 


DEF CON KIDS MEETUP 


Meetup at Forum 129, Thursday 14:00 16:00 


Come meet with other like minded kids and get ready for a 
weekend of hacking all the things! This is your opportunity 
to make friends with other kids & teens, maybe even find 
a partner to compete in a contest with! 


HACK THE BOX HACK-A- 
THON 


Meetup at Forum 131-133, Thursday, 10:00 - 18:00 


Rumor has it that the first CTF of the weekend tastes so 
fresh and so crisp that it just brings a tear to your eye... 
Or maybe that’s the first snowflake of winter? Either way, 
come join Hack The Box for a single day CTF! Win drink 
tickets and other prizes! 


BOOK CLUB DISCUSSION 
AND EXCHANGE 


Meetup atHarrah’s Tonopah & 
Goldfield, Friday, 14:00 - 16:00 


Books bring us together, expand our ways of thinking, and 
allow for discourse. This DEF CON book exchange will be 

a quieter space for those who want to discuss what they 
are reading, recommend books, and trade books too. We 
might even have a SAO of a book - pending sponsorship. 


DC 404/DC 678/ DC 770/ 
DC 470 (ATLANTA METRO) 


Meetup at Harrah's Tonepah & 
Goldfield, Friday, 16:00 - 19:00 


They say Atlanta is the city too busy to hate, but it also 
has too much traffic for its widespread hacker fam to get 
together in a single meetup. So instead, we're meeting up 
in the desert during DEF CON! The one time of year when 
intown, northern burbs, south siders, and anyone else 
connected to DC404's 20+ year legacy can catch up and 
share stories. Join us and meet your fellow ATL hackers! 
Website: https://dc404.org Discord: https://discord.gg/ 
Hk5M4qwHzv 


QUEERCON PARTY 


Party at Forum 111 - 113, Friday, 22:00 - 01:00 


The party provides a safe and inclusive environment for the 
Igbtqia+ community within Infosec to come together and 
be their authentic selves. A late evening party with music, 
dancing, and hanging out. 


Social Media: Twitter: https://twitter.com/Queercon | 
Discord: https://discord.gg/jeG6Bh5 or https://discord. 
com/invite/jeG6Bh5 | Facebook: https://www.facebook. 
com/groups/queercon 


HACKER KARAOKE 15 


Partysat. summit 216, Friday & Saturday, 19:30 07: 


For those who love to sing and perform in front of others, 
we are celebrating our 15th year of Love, Laughter, and 
Song from 8 PM to 2 AM Friday and Saturday night. 


We are open to everyone of any age, and singing is not 
required. 


For more information visit: https://hackerkaraoke.org or @ 
hackerkaraoke@defcon.social 


DEF CON HOLLAND GROUP 
PRESENTS: VRIJMIBO 


Friday : TBA Location: TBA on https:// 
twitter.com/DefconHolland 

In The Netherlands it's a tradition to catch up with your 
colleagues just before the end of the workday on Friday 
when the weekend starts to kick in. In The Netherlands this 
is called the "VrijMiBo" (Vrijdag/Friday - Middag/Afternoon 
Borrel/Drink) 


"vrijMiBo/Friday afternoon Drink" at DEF CON is a perfect 
moment to talk about what your favorite thing is at DEF 
CON, show your cool handmade badges, impress other 
hackers about your latest hacks, make new friends, gossip 
about your boss and show your cat or dog pictures. 


Vrijdag Middag Borrel, Freitag Mittags Getrank, Apéritif du 
vendredi aprés-midi, trago de viernes por la tarde. 


QUEERCON MIXERS 


Meetup at ChilleutRoom, Room 129 , Thursday, 
Friday, & Saturday-16:00 - 18:00 


A great way to meet other like-minded folk in this safe 
and inclusive environment. An informal meet-up of the 
Igbtqia+ community to network and unwind. 


WISP DEF CON SCHOLARS 
MEETUP 


Meetup at Forum 407-408, Thursday, 10:00 - 12:30 


WISP is committed to advancing women and 
underrepresented communities to lead the future of 
privacy and security. During the day, the WISP Community 
Room will be open at select times as a chill out space to 
get a break from the conference. In the evenings, WISP 
plans to host professional development and networking 
events for our community members. To see an exact 
schedule of events, follow us on social media. 


Twitter: @wisporg | Facebook: @WISPFB | LinkedIn: 
Women in Security and Privacy (WISP) | Email: info@wisp- 
net.org | www.wisporg.com 


HACK THE BOX, PUB 
CRAWL 


Party at Forum, 111-12, Saturday, 21:00 - 01:00 


Hack The Box will be hosting a pub in the DEF CON pub 
crawl, Come socialze and have a drink! 


CAPITOL TECH UNIVERSITY, 
PUB CRAWL 


Party at Forum 113-114, Saturday, 21:00 - 01:00 


Capitol Tech University will be a hosting a pub in the DEF 
CON pub crawl. Swing by for a chat and a beer! 
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. TECHNOLOGY, PUB CRAWL 


г Party at Forum 1153116, Saturday, 21/00» 01:00 


University of Advancing Technology will be hosting a pub 
in the DEF CON pub crawl. Grab a cocktail and meet the 
UAT staff! 


DEF CON KIDS PARTY 


Party at Farum-131-133, Saturday; 19:30 - 22:00 


Party with other DEF CON kids. Enjoy some arcade games, 
music, desserts & snacks, and get to hang out with other 
DEF CON kids! (Parents with Kids & Teens only) 


THE VILLAGE PEOPLE 
PARTY 

Hosted by Car Hacking, ICS and Aerospace Villages 
Party at Forum 115-116, Friday, 21:00 - 01:00 


SOCIAL ENGINEERING 
COMMUNITY PARTY 


Party at Forum 117-118, Saturday 22:00 - 24:00 


Want to hang out without the loud music so that you can 
actually have a conversation? Put on your raddest 80s gear 
and join the Social Engineering Community for a themed 
get-together for a chance to hang out and meet new 
people! We'll have a cash bar with both boozy and booze- 
free options. 


PUBLIC POLICY HAPPY 
HOUR 


Party at Forum 221-223, Saturday 19:00- 22:00 


Join the Hacking Policy Council, Policy @ DEF CON, and 
the Al Village for a relaxed happy hour to discuss public 
policy with hackers, policymakers, lawyers, academics, and 
others in the Plounge. 


LAWYERS MEET 


Meetup.at Harrah’s Elko, Friday 20:00 


If you're a lawyer (recently unfrozen or otherwise), a judge 
or a law student please make a note to join Jeff McNamara 
for a friendly get-together, drinks, and conversation. 


ASK THE EFF 


Meetup at Forum 134, 130-131, Friday 20:00-22:00 


Electronic Frontier Foundation (EFF) is thrilled to return 
to DEF CON 51 to answer your burning questions on 
pressing digital rights issues. Our panelists will provide 
updates on current EFF work, including the fight against 
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government surveillance and protecting creative 
expression, before turning it over to attendees to pose 
questions and receive insights from our panelists on the 
intersection of technology and civil liberties. This is a 
valuable opportunity to learn from policy experts and 
engage in a lively discussion rooted in the problems you 
face. This year you'll meet: Corynne McSherry, EFF's Legal 
Director specializing in intellectual property and free 
speech; Hannah Zhao, staff attorney focusing on criminal 
justice and privacy issues; Mario Trijillo, staff attorney with 
an expertise in privacy law; Rory Mir, Associate Director 
of Community Organizing; and Cooper Quintin, security 
researcher and public interest technologist with the EFF 
Threat Lab. 


BTV POOL PARTY 


Party at.Elamingo Pool, Friday 20:00-22:00 
(If it rains backup locationis: Forums 138, 117-118) 


DEF CON 
HACKERS WITH 
DISABILITIES 
(HDA) 


Community at Harrah's Studio 2-4, Friday & 
Saturday, 12:00 -18:00 & Sunday, 12:00 - 14:00 


Now in its 4th year, Hackers with DisAbilities continues 
the mission to make DEF CON awesomely accessible. 

The purpose of the HDA team is to make the DEF CON 
experience the best it can be within the scope and ability 
of the DEF CON staff for attendees with disabilities. АП 
attendees with disabilities regardless of the severity, 
visibility, permanence or any other factor of their disability 
are to be treated with dignity and respect as per the DEF 
CON code of conduct. If you find yourself with an ADA 
challenge or issue you can contact any DEF CON Goon and 
they can either help you directly or radio call for the HDA 
team to assist. 


This year HDA has been upgraded to a community and has 
three community rooms available for use during DEF CON. 
The main room is a community room where attendees 
with ADA needs can take a break, recharge their assistive 
devices, meet others in the community and partake in 
community activities. The second room will be used for 
presentations and talks on topics associated with ADA 
needs. The third room will be a safe harbor room, with a 
semi-private area for the use of attendees to attend to 
their unique needs. 


Year round HDA is available to assist DEF CON attendees 
with any questions, concerns or help needed in relation to 
their DEF CON experience. The HDA infopack is a digital 
PDF released every year with information, contacts and 
updates to policy regarding ADA needs in the DEF CON 
forums. Look for it on the DEF CON web page or in the 
DEF CON forums. 


HDA points of contact : 


DEF CON forums : https://forum.defcon.org/node/242670 
or DM Delchi 


Twitter : @HDA_DEFCON 


Remember , it's everyone's job to make DEF CON 
awesomely accessible, and HDA is here to help! 


OCG 


Community at Harrah’s Silver, Friday & Saturday, 
10:00yk8:00 Sunday, 12:00 - 14:00 


DEF CON is more than an annual event. All around the 
world, members of our community are meeting in local 
DEF CON Groups to work on projects,share ideas and keep 
the DEF CON feeling going all year long. 


Stop by the DCG Community Space to learn about DC 
Groups, play some games, and make some new friends. 
We'll also be showing some of the action from the DCGVR 
event. Share what your local group is working on or learn 
how to set up a group if there’s not one near you. 


DEF CON is a state of mind that lasts all year round and 
Groups are a big reason why. Stop by our Community 
Space and get involved! 


WISP 


IN SECURITY ' 
coss Community at Forums 217 


Women in Security and Privacy is a global non-profit 
committed to advancing women and underrepresented 
communities to lead the future of privacy and security. 
WISP’s annual programming includes educational and 
skills workshops, mentoring and networking events, and 
career advancement and leadership training. WISP also 
provides stipends and scholarships for women and people 
from underrepresented communities to attend conferences 
and to receive training and certifications. 


FRIENDS OF BILL W. 


CommunityeatHarrah’s Studio 1 
Thursday 12:00-15:00, 17:00-18:00 
Friday 12:00-15:00, 17:00-18:00 
Saturday 12:00-13:00, 17:00-18:00 
Sunday 12:00 -13:00 


HACKER MEMORIAL 


Community at Harrah's Copper, Friday & Saturday, 
10:00 -18:00 & Sunday, 12:00 - 14:00 


The thought of having a space at DEF CON to remember & 
honor our friends and family in the hacker world has been 
floating around for several year, With Covid entering our 
world along with the loss of Dan Kaminsky... DT made the 
decision. And the creation began. 


Our Memorial Room is for everyone in the DEF CON 
community for the first time or those here for decades. 


We welcome all of you here. Come and share your stories, 
your pictures, your thoughts, and your sorrows. We are set 
up for you to add your memories and the laughs you want 
to share. 


With many of us we only see each other at DEF CON so 
those feelings, memories, and the laughs flood in we 
are the place you can in for some quiet time or to share 
memories of you great times at DEF CON. 


We are in Harrah's with the DEF CON Community space. 


We call the room - DEF CON MEMORIAL Room, the hotel 
calls it Cooper. 


We are open at 10:00am and close around 6:00pm Friday 
& Saturday. On Sunday we start closing at 1:00pm to 
prepare for the Closing. 


I have been with DEF CON since the 7th year and shifted 
to this position as it became real. Earlier in my life I 
worked with people dealing with death and dying for 10 
* years. Our team are here for you and feel free to ask 
me anything. We are an amazing community. This is your 
space. 
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Vi ËP A GE S 


AEROSPACE VILLAGE {4 


“< Lad =. 
изе) еј = 
Friday and Saturday 10:00 - 18:00, Sunday 10:00 - 14:00 


V Ёё АС» = 
Location: Forum, Summit 207-214 + /1 - ET 


The aviation and space industries, security researchers, and the public share a common goal: safe, reliable, and 
trustworthy aviation and space operations. For too long, negative perceptions and fractured trust on all sides have 
held back collaboration between the aviation, space, and security researcher communities that has advanced safety, 
reliability, and security of other industries. As the traditional domains of aviation safety and cybersecurity increasingly 
overlap, more effective collaboration between stakeholders ensures we will be safer, sooner, together. 


Through the Aerospace Village, the security research community invites industry leaders, researchers and academia 
interested in aviation and space security, safety, and resilience to attend, understand, collaborate together to achieve 
our common goals. Empathy and understanding build common ground, while acts and words likely to increase division 
between these two communities undermine these efforts. The Aerospace Village welcomes those who seek to improve 
aviation and space security, safety, and resilience through positive, productive collaboration among all ecosystem 
stakeholders. 


Our Goal 

The Aerospace Village is a volunteer team of hackers, pilots, and policy advisors who come from the public and private 
sectors. We believe the flying public deserves safe, reliable, and trustworthy air travel which is highly dependent on 
secure aviation and space operations. 


Our Mission 
- Create, sustain, and grow an inclusive community focused on aerospace cybersecurity; 


- Inspire the next generation of aerospace cybersecurity leaders; 
- Promote and develop aerospace cybersecurity expertise and knowledge. 


The Aerospace Village will do this by: 
- Building connections, trust, and understanding among all Village participants. 


- Developing aerospace security skills among DEF CON attendees through workshops and hands-on activities. 


- Promoting constructive dialog through talks and interaction. 


A.l. VILLAGE 
A 


š Friday & Saturday 10:00 - 18:00, Sunday: 10:00 - 12:00 
Location: Forum 401-406 


Al has exploded in the last couple years and is a new and unique attack surface for 
hackers. Come learn how ChatGPT, StableDiffusion, malware detectors, ML firewalls, 
; w and other Al based products work and how to break them. We will have talks sharing 

the latest research on these almost futuristic topics, as well as talks on developments 

in Al in traditional security. We will also host workshops for security experts new to Al 

to get you up to speed. New to this year are demo stations showing off how various Al 
technologies work including the guts of large language models, text to image models, and malware detectors. We will 
also host Prompt Detective where you learn prompt engineering to get various LLMs to perform tasks for you, including 
ones they are trained not to do. We are also running the Generative Red Team, the largest ever in person assessment for 
any group of Al models. 


APPSEC VILLAGE 


Friday & Saturday 10:00 - 18:00, Sunday 10:00 - 14:00 
Location: Flamingo, Savoy 


The first four AppSec Villages at DEF CON were a resounding success. We learned that 
whether in person or online, our AppSec community is fantastic. 


Village 


We are pumped to be back bigger and better. 


Come immerse yourself in everything the world of application security has to offer. 
Whether you are a red, blue, or purple teamer, come learn from the best of the best 
to exploit software vulnerabilities and secure software. Software is everywhere, and 
Application Security vulnerabilities are lurking around every corner, making the software attack surface attractive for 
abuse. If you are just an AppSec n00b or launch deserialization attacks for fun and profit, you will find something to 
tickle your interest at the AppSec Village. 


Software runs the world. Everything from IoT, medical devices, the power grid, smart cars, and voting apps - all 
have software behind them. Such a variety of topics will be reflected in our cadre of quest speakers representing all 
backgrounds and walks of life. 


AppSec Village welcomes all travelers to choose from talks and workshops by expert community members, an all- 
AppSec-focused CTF, contests that challenge your mind and your skillz, and more. Bring your thirst for knowledge and 
passion for breaking things, and your visit to AppSec Village will be thrilling! 


BLACKS IN CYBERSECURITY 
VILLAGE 


Friday & Saturday 10:00 - 18:00 
Location: Forum, Alliance 301- 303 


The Blacks In Cybersecurity (B.I.C.) Village is excited to present at DEF CON 31 
in highlighting the ingenuity of the Black and minority communities by way of 
the presentation of personal hobbyist exploration, research, work experience and 
contributions that translate to innovation and new perspectives in Cybersecurity. 


Our village mission is to bring together Black practitioners in the Cybersecurity 
field to share knowledge, best practices, and experiences. We are committed to building a community of support, 
mentorship, and collaboration, and to developing the next generation of Black cybersecurity professionals. 


Our village works to create a space to allow for more diverse hobbyists and professionals to engage and contribute. The 
village seeks to discuss issues in disparity that affect education, literacy, privacy & safety in the digital world as well as 
be a conducive environment to normalize the discussion of deficiency or prejudices for minority communities. 


Our village offerings will include a themed CTF competition, talks throughout the conference duration and opportunities 
for interactive learning! 


BIQHACKING VILLAGE 49 


Friday and Saturday 10:00 - 18:00, Sunday 10:00 - 14:00 


V. 1 

к 
Location: Flamingo, Laughlin p 4 V. 
THE BIOHACKING VILLAGE, a 501(C)3 organization, (EIN:83-3941279), is 


uniquely poised to inform global conversations in health care cybersecurity 

research. The Biohacking Village brings forth compelling issues in emerging B | О HAC К] М G 
biotechnology, regulations, medical and pharmaceutical manufacturing, " 

cybersecurity, and citizen science. We have been a platform for pursuing 

greater depth in the bioeconomy, exploring new avenues for VI LLAG E 
collaborations, and innovation. Our participants and attendees include: patients, 


clinicians, hackers, manufacturers, regulators, hospital administrators, and others seeking healthier futures through meaningful 
technology. This community delivers hands-on, strident learning labs to influence healthcare, industry, and manufacturing. 


DEVICE LAB 

A highly-collaborative environment where security researchers test medical instruments, applications, 
and devices in real-time from participating Medical Device Manufacturers. Any potential issues are 
reported directly to the manufacturer, and coordinated vulnerability disclosures are produced. 


CAPTURE THE FLAG 
Featuring the virtual learning environment of St. Elvis Hospital, the СТЕ offers protocol, regulatory, 
and biological challenges to access and assess vulnerabilities in real devices. 


CATALYST LAB 
Providing interaction with thought leaders from the medical device and citizen science communities through training 
and hands-on workshops and solutions design, to cover the entirety of the biomedical device and security ecosystem. 


SPEAKER LAB 
Fostering critical thinking, problem solving, human interaction literacy, ethics debates, creativity, and collaboration. Subject 
matter experts and researchers share the future of their research, reflecting the biological technologies and emerging threats. 


TABLETOP EXERCISES 
Experiential and immersive sessions of increasing complexity and difficulty regarding 
vulnerabilities in a series of Machiavellian healthcare industry scenarios. 


MIEEAGES: 


BLUE TEAM VILLAGE 


Friday and Saturday 10:00 - 18:00, Sunday 10:00 - 14:00 
Location: Flamingo, Scenic 


Welcome to the other side of the hacking mirror. Blue Team Village (BTV) is both a place 
and a community built for and by people who defend computer systems, networks, and 
ВЕЧЕ ТЕЙЛ people against cyber-attacks. It’s a place to gather, talk, share, and learn from each other 

U TILLAG C about the latest tools, technologies, and tactics that our community can use to detect 
attackers and prevent them from achieving their goals. 


Project Obsidian — BTV's Home-Grown Content 


The Blue Team Village's Project Obsidian is an immersive, defensive cybersecurity learning 
experience that provides attendees with the opportunity to gain knowledge of Incident 
Response (IR), Digital Forensics (DF), Malware Analysis, Cyber Threat Intelligence (CTI), 
and Cyber Threat Hunting (CTH). Deep dive into technical topics through workshops and exercises that provide practical 
hands-on experience across each discipline. Project Obsidian workshops provide cybersecurity training that will enable 
attendees to develop skills needed to be successful in their current and/or future role. 


Two of the most valuable takeaways are how to strategically approach a task and the operational processes that support 
the objectives behind each task. Knowing ‘how’ to do something is only part of the challenge. Knowing ‘when’ and ‘why’ 
to perform certain tasks adds necessary context to develop the full story of defensive cybersecurity. 


CAR HACKING VILLAGE 


Friday & Saturday 10:00 - 18:00, Sunday 10:00 - 12:00 
Location: Forum, DEF CON Contest Area 


A group of professional and hobbyist car hackers who work together 

to provide hands-on, interactive car hacking learning, hardware, and 
interactive contests. The primary goal of the Car Hacking Village is 

to build a community around discovering weaknesses and exposing 
vulnerabilities that could significantly impact the safety and security 

of all drivers and passengers on the road today. Educating security 
researchers on the functionality of vehicle systems coupled with providing 
them with the opportunity to gain hands-on experience working side by 
side with experts in this field is a plus for the attendees. 


CLOUD VILLAGE 


Friday & Saturday 10:00 - 18:00, Sunday 10:00 - 13:00 


Location: Flamingo, Mesquite 


With the industry's rapid growth in cloud infrastructure, the presence of an open 
platform to discuss and showcase cloud research becomes a necessity. Cloud village 
is an open platform for researchers interested in the area of cloud security. We 

plan to organise talks, tool demos, CTF and workshops around Cloud Security and 
advancements. 


Our CTF will be a jeopardy style 2.5 days contest where participants will have to solve challenges around Cloud 
infrastructure, security, recon, etc. These challenges will cover different cloud platforms including AWS, GCP Azure, 
Digital Ocean, etc. We will also reward our top 3 teams with awards. 


CRYPTO PRIVACY VILLAGE 


Friday & Saturday 10:00 - 18:00, Sunday 10:00 - 14:00 
Location: Flamingo, Vista @) 


Launched in 2014, Crypto & Privacy Village (CPV) is a community-run 
village centered on privacy and cryptography that aims to educate and 
inform the general public, students, educators, hackers, security and privacy 


professionals, and policymakers. We provide a unique hybrid space that CRYPTO + PRIVACY 
features talks; a chill space for relaxing with friends, doing CTFs, and cross- VILLAGE 


industry networking; the Gold Bug Challenge and desk for hints and support; privacy-related art installations; and an 
information desk for questions about privacy and cryptography. Come talk with us about facial recognition technology, 
privacy enhancing clothing, or crypto backdoor laws! 


DATA DUPLICATION VILLAGE 


Thursday 16:00 - 19:00, Friday and Saturday 10:00 - 17:00, 
Sunday 10:00 - 11:00 (last chance pickup) 
Location: Forum, Academy 410 


The Data Duplication Village is ready for DC 31! We have all the updated bits and bytes 
available from infocon.org packed up into nice, neat packages. If you're looking for 
something to fill up all your unused storage, we have a few nice hash tables and all 

of the DEF CON talks. Add to that just about every other security con talk known to 
human-kind! We provide a "free-to-you" service where of direct access to terabytes of 
useful data to help build those hacking skills. 


Check the schedule and/or dcddv.org for the most up-to-date information. 


HOW IT WORKS 

The DDV provides a core set of drive duplicators and data content options. We accept 6TB and larger drives on a first 
come, first served basis and duplicate ‘till we can no longer see straight. Bring in your blank SATA3 drives - check them 
in early - to get the data you want. Come back in about 24 hours to pick up your data-packed drive. Space allowing, 
we'll accept drives all the way through until Saturday morning - but remember, it's FIFO - get those drives in early! 


WHAT YOU GET 
We're working on more content right up until the last minute but for dc29, we provided: 


- 6TB drive 1-3: All past hacking convention videos that DT could find, built on last years collection and always adding 
more for your data consuming appetite. 


- 6TB drive 2-3: freerainbowtables.com hash tables (1-2) 
- 6TB drive 5-5: GSM A5/1 hash tables plus remaining freerainbowtables.com data (2-2) 
The DC 51 content will be posted at dcddv.org once finalized 


DT and KnightOwl post the up-to-date details in the DC Forum thread and you are encouraged to ask any questions you 
have there as con approaches. 


EMBEDDED SYSTEMS VILLAGE 


Friday & Saturday 10:00 - 18:00, Sunday 10:00 - 14:00 \ q j= | 


Location: Flamingo, Reno 2 


WS 
Embedded systems exist at the intersection of hardware and software, built to r * Г. 
accomplish a specific task. Often these disciplines are dealt with individually, but L ~ { 
understanding the custom relationships between hardware and software is key to 1 
performing security research on these devices. т k 
$ ) 


Embedded Systems Village advances the security of embedded systems by hosting hands- p ` 
on hacking workshops, showcasing new security research demos, and organizing exciting и 
hacking contests to educate attendees and manufacturers on the approach hackers use 

to attack these devices. Attendees will leave the village with an understanding of how to 

reduce complex, exotic devices to their underlying embedded components and to extract the information required to use 
the tools and techniques taught at other villages where embedded systems are on display. 


What we will bring: 


Labs: We have a lab platform that brings everyone from every skill level to the same playing field with step by step 
instructions that aim to teach individuals specific techniques and skills in a hands-on manner. 


Interactive Hacking Content: We want to showcase the weird and cool in the embedded device world, and provide an 
opportunity for hackers to get hands-on experience hacking them. 


Contests: We are working on a brand new CTF contest that will support everyone from the casual player (i.e. someone 
that only wants to drop in for a few minutes) all the way to the hardcore teams that are willing to spend their full DEF 
CON engaged in our challenges. 


Expect unique devices, new challenge formats and full DEF CON worth of fun. 
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8 The Packet Hacking Village at DEF CON provides a learning 
3 experience for people of all skill levels, from absolute beginners 
п RB to seasoned professionals. We host practical training, network 
£ "U forensics and analysis games, and the renowned Capture The 
x B Packet event, which has been a Black Badge contest over 10 
% Су, times and draws the best of the best elite hackers from around 
2 ^» the world. Our mission has always been simple: to teach people 
Pd M good internet safety practices, and to provide an atmosphere that 
Ф "A encourages everyone to explore and learn. Everyone is welcome, 
S» period - regardless of industry or experience. And when it's time 
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atmosphere while they spin for the crowd in an open lounge area. 


Nin 
Wall 0f Sheep 


An interactive look at what can happen when you let your guard down on public networks, the infamous Wall of Sheep 
passively monitors the DEF CON network looking for traffic utilizing insecure protocols. Drop by, hang out, and see for yourself 
just how easy it can be! We strive to educate the “sheep” we catch, and provide a good-natured reminder that security 


matters, and someone is always watching. 


Wall of Sheep DJ Community - WoSDICo 


Come chill with us while we play all your favorite deep tracks, underground house, techno, psytrance, dubstep yodeling, 
breaks, and DnB beats mixed live all weekends. Chill and enjoy the sick beats and ill stylings of our talented hacker DJs while 
you hack all the things. Check website for schedule. 
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Making network cable is fun... but what if it was also a time trial! In this event, players have to put their cabling skills to test 
while making cables and bridging connections on a live patch wall. 


@wallofsheep W м @capturetp 
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WALKTHROUGH WORKONOPO 


The Packet. Hacking Village offers a revolving series of Walkthrough Workshops for people of all ages and skills, where 
participants will take a deep dive into a variety of topics. Join the self-guided journey to learn about topics like honeypots, 
botnets, RegEx, and more guided by our expert mentors! Check website for schedule of activities. 


CAPTUREEPACKET 


Capture The Packet - CTP 


Come compete inthe world’s most challenging cyber defense competition based on the Aries Security Cyber Range, 
which DT has honored as a Black Badge event over 10 years. Tear through the challenges, traverse a hostile enterprise class 
network, and diligently analyze your findings in order to make it-out unscathed. Glory and prizes await those that emerge 
victorious from this upgraded labyrinth, and only the best prepared and battle hardened will escape the fiendish crucible. 
Follow us on Twitter at @Capturetp for the latest information on competition dates and times, as well as prizes. 

теат consiSbof up to 2 players.and can register at the€ TP table in thePacket HackNig Village. 
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ARIES @ SECURITY 
Packet Inspector - Beginner/Intermetiate 
The perfect introduction to network analysis, sniffing, and forensics. Do you want to understand how hackers tap into 
a network, steal passwords, and listen to conversations? Packet Inspector is your boot camp! Using a license of the world 
famous Capture The Packet engine from Aries Security, we teach hands-on skills іп a controlled real-time environment. 
däin us in the Packet Hacking Villag& t& start your est towards getting a black belt in Packet-Fu. 
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Packet Detective -intermediate/Advanced 
Ready to upgrade your skills or see how you would fare in Capture The Packet? It’s time to play Packet Detective. A step 
up in difficulty from Packet Investigator, Packet Detective will test your network hunting abilities t with real-world scenarios 
at the intermediate level. Improve your network mastery in a friendly environment, learn from mentors and peers, and take 
another step closer to preparing yourself for the highly competitive Capture The Packet contest. 


MIEEAGES: 


HAM RADIO VILLAGE 


Friday & Saturday 10:00 - 18:00, Sunday 10:00 - 14:00 


Location: Flamingo, Virginia City 


Ham radio is the original group of electronic hackers, starting long before 
computers, circuit chips, or even transistors. Continuing this pioneer spirit, Ham 
Radio Village is here to support advancement of the hobby with a cybersecurity 
slant. Everything we do today involves wireless communications of some sort, 
and a basic knowledge of how radio works is crucial. In the HRV, you can learn 
hand-on with topics such as how to legally use a radio to send commands to a 
satellite, communicating around the globe when no other methods exist, and how to send and receive real-time location 
data without relying on any cellular networks. You can put your skills to the test by trying to find the hidden transmitters 
in the Ham Radio Fox Hunt contest, as well as transmitting memes over the airwaves to DEF CON attendees. We provide 
license testing services for those looking to become licensed or upgrade their license class, as well as guidance on how 
to hack on the medium to achieve the best results and have the most fun! 


HARDWARE HACKING & 
SOLDERING SKILLS VILLAGE 


Friday & Saturday 10:00 - 18:00, Sunday 10:00 - 14:00 
Location: Forum, Alliance 311 


Every day our lives become more connected to consumer hardware. Everyday 
the approved uses of that hardware are reduced, while the real capabilities 
expand. Come discover hardware hacking tricks and tips regain some of that 
capacity, and make your own use for things! We have interactive demos to help 

you learn new skills. 


We have challenges to compete against fellow attendees. We have some tools to help 
with your fever dream modifications. Come share what you know and learn something new. 


Details @ dchhv.org 


ICS VILLAGE 


Friday & Saturday 10:00 - 18:00, Sunday 10:00 - 14:00 
Location: Forum, Alliance 313-319 


Mission. ICS Village is a non-profit organization with the purpose of providing 
education and awareness of Industrial Control System security. 


Connecting public, industry, media, policymakers, and others directly with 
ICS systems and experts. 


Providing educational tools and materials to increase understanding among 
media, policymakers, and general population. 


Providing access to ICS for security researchers to learn and test. 
Hands on instruction for industry to defend ICS systems. 


Why. High profile Industrial Controls Systems security issues have grabbed headlines and sparked changes throughout 
the global supply chain. The ICS Village allows defenders of any experience level to understand these systems and how to 
better prepare and respond to the changing threat landscape. 


Exhibits. Interactive simulated ICS environments, such as Hack the Plan(e)t and Howdy Neighbor, provide safe yet realistic 
examples to preserve safe, secure, and reliable operations. We bring real components such as Programmable Logic 
Controllers (PLC), Human Machine Interfaces (HMI), Remote Telemetry Units (RTU), actuators, to simulate a realistic 
environment throughout different industrial sectors. Visitors can connect their laptops to assess these ICS devices with 
common security scanners, network sniffers to sniff the industrial traffic, and more! 


The Village provides workshops, talks, and training classes. 


IDT VILLAGE 


Friday & Saturday 10:00 - 18:00, Sunday 10:00 - 14:00 
Location: Forum, Alliance 307-310 


IoT Village advocates for advancing security in the Internet of Things (loT) industry 
through bringing researchers and industry together. IoT Village hosts talks by expert 
security researchers, interactive hacking labs, live bug hunting in the latest loT tech, 


and competitive IoT hacking contests. Over the years loT Village has served as a 
V l L L A G E platform to showcase and uncover hundreds of new vulnerabilities, giving attendees 

the opportunity to learn about the most innovative techniques to both hack and 
secure loT. IoT Village is organized by security consulting and research firm, Independent Security Evaluators (ISE). 


loT Village will have our 4 time black badge CTF, 101 labs, live bug hunting, hands on hacking demos, and more! 


LOCKPICK VILLAGE 


Friday & Saturday 10:00 - 18:00, Sunday 10:00 - 14:00 
Location: Ling, The Blog 


Want to tinker with locks and tools the likes of which you've only seen in movies 
featuring secret agents, daring heists, or covert entry teams? 


Then come on by the Lockpick Village, run by The Open Organization Of Lockpickers, 
where you will have the opportunity to learn hands-on how the fundamental hardware 
of physical security operates and how it can be compromised. 


The Lockpick Village is a physical security demonstration and participation area. 
Visitors can learn about the vulnerabilities of various locking devices, techniques 


Experts will be on hand to demonstrate and plenty of trial locks, pick tools, and other de 
to handle. By exploring the faults and flaws in many popular lock designs, you ca C 
sport-picking, but also gain a much stronger knowledge about the best methods 


property. 


Friday & Saturday 10:00 - 18:00, Sunday 10:00 - 14:00 
Lacation: Forum, Summit 224 


The Misinformation Village aims to bring misinformation, 


and engage the public in stimulating p 
about building trustworthy informatio 
online information quality. We seek to | 
cutting-edge content, precipitate new c 


The village will host lighi 
MDM campaigns, potential 
warfare campaigns. Our worksho| 
networking. 


We also want to explore th: ecti 
documentaries, newsletters, books, an 
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VIBIEAGES 


PAYMENT VILLAGE 


Friday & Saturday 10:00 - 18:00, Sunday 10:00 - 14:00 
Location: Flamingo, Reno 2 


Payment technologies are an integral part of our lives, yet few of us know much 
about them. Have you ever wanted to learn how payments work? Do you know 
how criminals bypass security mechanisms on Point of Sales terminals, ATM's 
and digital wallets? 


Payment technologies are an integral part of our lives, yet few of us know much 
about them. Have you ever wanted to learn how payments work? Do you know 
how criminals bypass security mechanisms on Point of Sales terminals, ATM's 
and digital wallets? Come to the Payment Village and learn about the history 
of payments. We'll teach you how hackers gain access to banking endpoints, 
bypass fraud detection mechanisms, and ultimately, grab the money! 


PHYSICAL SECURITY VILLAGE 


Friday & Saturday 10:00 - 18:00, Sunday 10:00 - 14:00 
Location: Flamingo, Carson City 


The Physical Security Village explores the world of hardware bypasses and techniques 
generally outside of the realm of cybersecurity and lockpicking. Come learn some of 
these bypasses, how to fix them, and have the opportunity to try them out for yourself. 


We'll be covering the basics, like the under-the-door-tool and latch slipping attacks, as 
well as an in depth look at more complicated bypasses. Learn about elevator hacking, 
attacking alarm systems at the sensor and communication line, and cut-away and 
display models of common hardware to show how it works on the inside. 


Looking for a challenge? Show us you can use lock bypass to escape from a pair of standard handcuffs in under 30 
seconds and receive a prize! 


DEF CON POLICY VILLAGE 


voices will improve outcomes across the policy-technology spectrum 

by bridging the gap between technical and policy practitioners. Senior 
government officials, policy experts, nonprofit and the private sector, 
security researchers, hackers, academics and technologists from around 
the world all come together at Policy @ DEF CON. 


: QUANTUM VILLAGE 


Friday & Saturday 10:00 - 18:00, Sunday 10:00 - 13:00 


e 000 
i $ Location: Ling, Innovation 


Friday & Saturday 10:00 - 18:00, Sunday 10:00 - 14:00 Ws 
Location: Forum, Summit 218-223 ENS 

МУ 
Tech policy is going to happen апа we believe including diverse expert <s 


This is the safe space for anyone to discover, learn, create and break all things around 

@ Quantum Technologies. We are committed to helping raise awareness and involvement 
ө in the quantum industry and with quantum technologies. We know that in order to avoid 
the mistakes of past technological surges, we have to engage as many people with as 
wide a variety of interests and backgrounds as possible. 


To date, very few (if any) people have actually hacked a quantum computer, and we want 
to change that! Something we demonstrated last year was that quantum computers are only a small part ‘magic’ - the 
rest are familiar API and tech stack technologies we see everywhere. These devices are set to become more and more 
commonplace as more time, money, and intelligence is spent on improving them - so let’s get quantum hacking! 


Our ethos is to encourage participants to engage, explore, and discuss topics surrounding this new and burgeoning 
technology ecosphere that is in many ways very different from what has gone before in technical revolutions - but 

there are many hallmarks that are the same, and which we can use to shape this new paradigm of computing. That 
conversation is essential to bring before some of the most talented and brilliant technologists going; the hackers at DEF 
CON. 


We have built on many of the things that were popular last year, but have also improved things and sought feedback 
from participants to make things even better this coming year! We were standing room only last year, with very 
popular events and debates alongside our workshops and talks, and we would like to build on the positive energy and 
momentum that comes from the Quantum Hackers. 


RECON VILLAGE 


Friday & Saturday 10:00 - 18:00, Sunday 10:00 - 13:00 
Location: Ling, Socal B & С 


Recon Village is an Open Space with Talks, Live Demos, Workshops, Discussions, CTFs, 
etc., with a common focus on Reconnaissance. The core objective of this village is to 
spread awareness about the importance of reconnaissance and open-source intelligence 
(OSINT) and demonstrate how even a small piece of information about a target can cause 
catastrophic damage to individuals and organizations. 


As recon is a vital phase for infosec as well as investigations, folks should definitely have this skill set in their arsenal. 
People should check out Recon Village, as they get to learn novel point/recon techniques, play hands-on СТЕ and, 
most of all, have fun. At RV, we keep things simple, and the focus is on generating quality content using talks, CTF, 
hackathons, etc. 


We will also have our Jeopardy Style OSINT CTF Contest throughout the Village timings. Based on the feedback from last 
year, we plan to make the CTF more challenging this year. The challenges will be around harvesting information about 
target organizations, their employee's social media profiles, their public svn/gits, password breach dumps, darknet, 
paste(s) etc., followed by active exploitation, bug hunting, investigation and pentest scenarios of virtual targets. АП the 
target organizations, employees, servers, etc., will be created by our team and hence will not attract any legal issues. 


RED TEAM VILLAGE 


Friday & Saturday 10:00 - 18:00, Sunday 10:00 - 12:00 
Lacation: Flamingo, Twilight Ballroom 


The Red Team Village is focused on training the art of critical thinking, collaboration, and 
strategy in offensive security. The RTV brings together information security professionals 
to share new tactics and techniques in offensive security. Hundreds of volunteers from 
around the world generate and share content with other offensively minded individuals in 
our workshops, trainings, talks, and conferences. 


RADIO FREQUENCY VILLAGE 
Friday & Saturday 10:00 - 18:00, Sunday 10:00 - 13:00 RE 


Location: Flamingo, Eldorado 


After 16 years of evolution, from the WiFi Village, to the Wireless Village, RF Hackers HS 
Sanctuary presents: The Radio Frequency Village at DEF CON. The Radio Frequency Village 

is an environment wherepeople come to learn about the security of radio frequency (RF) 
transmissions, which includes wireless technology, applications of software defined radio (SDR), 
Bluetooth (BT), Zigbee, WiFi, Z-wave, RFID, IR and other protocols within the usable RF spectrum. 
As a security community we have grown beyond WiFi, and even beyond Bluetooth and Zigbee. The RF Village includes 
talks on all manner of radio frequency command and control as well as communication systems. 


While everyone knows about the WiFi and Bluetooth attack surfaces, most of us rely on many additional technologies 
every day. RF Hackers Sanctuary is supported by a group of experts in the area of information security as it relates to RF 
technologies. RF Hackers Sanctuary's common purpose is to provide an environment in which participants may explore 
these technologies with a focus on improving their skills through offense and defense. These learning environments are 
provided in the form of guest speakers, panels, and Radio Frequency Capture the Flag games, to promote learning on 
cutting edge topics as it relates to radio communications. We promise to still provide free WiFi. 


Space system cybersecurity has become a high-stakes endeavor as 
the world increasingly depends on space technologies. Hack-A-Sat 
is a CTF designed to raise awareness on this critical issue and help 
build the alliance among security researchers, industry, academia 
and government with the power to secure space. 


After a tough Qualification Round in April, five teams rose to the 
top and are competing in the first-ever CTF in space. Many of 
Hack-A-Sat 4's challenges will occur on Moonlighter, a satellite 
designed, built and launched to advance skills in space cybersecurity. 


Come see history 
in the making! 
Find us in the 

Aerospace Village. 
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VIBEAGES 


ROGUES VILLAGE 


Friday & Saturday 10:00 - 18:00, Sunday 10:00 - 14:00 
Location: Ling, Evolution 


Rogues Village is a place to explore alternative approaches to and uses for existing 
security concepts by looking to non-traditional areas of knowledge. Incorporating 
expertise from the worlds of sleight of hand, con games, espionage, and advantage 
play, this village has a special emphasis on Social Engineering, Physical Security and 
Playful Mischief. 


SOCIAL ENGINEERING 
COMMUNITY VILLAGE 


Friday & Saturday 10:00 - 18:00, Sunday 10:00 - 14:00 


Location: Ling Social А 


The Social Engineering Community is formed by a group of individuals who have 
a passion to enable people of all ages and backgrounds interested in Social 
Engineering with a venue to learn, discuss, and practice this craft. We plan to 
use this opportunity at DEF CON to present a community space that offers those 
elements through panels, presentations, research opportunities, and contests 

in order to act as a catalyst to foster discussion, advance the craft and create a 
space for individuals to expand their network. DEF CON attendees can either participate in these events (watch for our 
Call for Papers, Call for Contestants, Call for Research, etc.), or they can watch the events unfold and learn about Social 
Engineering as an audience member. 


TAMPER-EVIDENT VILLAGE 


Friday & Saturday 10:00 - 18:00, Sunday 10:00 - 14:00 
Location: Ling, The Blog 


Tamper-evident" refers to a physical security technology that provides evidence of tampering (access, damage, repair, or 
replacement) to determine authenticity or integrity of a container or object(s). In practical terms, this can be a piece of 
tape that closes an envelope, a plastic detainer that secures a hasp, or an ink used to identify a legitimate document. 
Tamper-evident technologies are often confused with “tamper resistant" or “tamper proof" technologies which attempt 
to prevent tampering in the first place. Referred to individually as "seals, many tamper technologies are easy to destroy, 
but a destroyed (or missing) seal would provide evidence of tampering! The goal of the TEV is to teach attendees how 
these technologies work and how many can be tampered with without leaving evidence. 


The Tamper-Evident Village includes the following contests and events: 


The Box; an electronic tamper challenge. An extremely realistic explosive with traps, alarms, and a timer ticking down. 
One mistake and BOOM, you're dead. Make every second count! Sign ups on-site when the TEV begins. 


Tamper-Evident King of the Hill; a full-featured tamper challenge. Tamper single items at your leisure and attempt to 
beat the current best. There can be only ONE! No sign ups required, play on-site when the TEV begins. 


Badge Counterfeiting Contest; submit your best forgery of a DEF CON human badge. Other target badges are also 
available for those looking for more counterfeit fun! 


For your viewing pleasure, collections of high-security tamper-evident seals from around the world. 
Sit-down presentations & demonstrations on various aspects of tamper-evident seals and methods to defeat them. 


Hands-on fun with adhesive seals, mechanical seals, envelopes, and evidence bags. 


TELECOM VILLAGE 


Friday & Saturday 10:00 - 18:00, Sunday 10:00 - 13:00 
Location: Flamingo, Virgina City 3 


The Telecom Village’s primary focus would be around Telecom Security. We plan to host multiple hands on events as part 
of the village so as to give participants an overview security specific challenges in a Telcom Network. This includes: CTFs 
in telecom signaling security and another one in Private 5G and select set of talks (5), spread across two days. 


We are planning a workshop over a day where we will be giving an overview of the 4G/5G network and its security. There 
will be a small CTF for SS7, Diameter attack on the 3G/4G network and 5G network. The workshop and CTF will focus on 
use of open-source tools so as to ensure that this Niche within the Security Industry is taken to wider audience. 


In the village, we will also be hosting a 4G/5G live network which will have Live Radio and 4G/5G Core. Attendees will be 
able to understand the call flow of Telecom and the Weaknesses in the call flows. 


VOTING VILLAGE 


Friday & Saturday 10:00 - 18:00, Sunday 10:00 - 14:00 
Location: Forum, Academy 415-418 


Voting Village is an interactive educational environment that provides the public 

with the unique opportunity to have a hands-on experience with our current Election 
Infrastructure. Attendees will be able to interact with multiple different types of voting 
systems, all of which are currently in use across the country today. Hackers will have 
the opportunity to test how secure these voting systems truly are, and will report to 
the Voting Village Lead’s any vulnerabilities they find. Voting Village explores all aspects of election security and works 
to promote a more secure democracy. Attendees of Voting Village will also have access to Harri Hursti, the world’s 
premier hacker and leading election and cyber security expert who has successfully hacked voting machines on multiple 
occasions. Aside from Harri, attendees will have the option of joining us for our speaker track (TALKS) that will take place 
every day except for the last Sunday of DEF CON. Our speaker track represents the most relevant government agencies 
and the top media outlets. Additionally, there will be multiple showings of Harri's HBO documentary, Kill Chain: The 
Cyber War on America’s Elections. We will also have two Capture The Flags (CONTESTS) taking place throughout DEF CON. 


XR VILLAGE 


Friday & Saturday 10:00 - 18:00, Sunday 10:00 - 12:00 
Location: Forum, DEF CON Contest Area 


Augmented reality (AR), virtual reality (VR), collectively referred to extended reality 
(XR) technologies have the potential to revolutionize the way we interact with 

the world around us. However, as with any new technology, there are security and 
privacy concerns that must be addressed. 


These concerns include data privacy, hacking of haptic hardware, software, and 
XR Infrastructure and public safety. In XR systems, personal information, such as 
location data and biometric information, can be collected and shared without the 
user's knowledge or consent. 


Current XR development platforms for these technologies do not allow for built in security, safety, and privacy. 
The XRVillage was created to: 


The Vision 

To promote Security, Privacy, and Safety for XR software, hardware, and environments including the Metaverse, through 
awareness, education, policy and legal coordination, and exploitation and remediation of known and unknown 
vulnerabilities. 


The Mission 

Provide access to XR devices and applications for the security community for vulnerability testing; provide quidance & 
collaborative recommendations back to Policy makers, legislators, law enforcement, vendors, users, and the world on 
best Security, Privacy, and Safety practices in XR 


At the DEF CON 31 XR Village hackers can expect expert XR security talks, policy and legal discussions, and a Hands- 

on Haptics Hackathon. XR devices will be on hand to demonstrate applications and environments such as BadVR w/ 
Microsoft HoloLens (Example) showing virtual visibility to all surrounding WIFI networks via AR. They and others will show 
what is already being built in XR environments that may, or may not cross a line for privacy, safety, and security in the 
space. Specific breakout sessions will be available for hackers to discuss current efforts by XR Vendors to address security 
concerns. 


Expert XR Security Talks will focus on exploitation of XR in the wild: What's been done and what's coming. 


A Policy & Legislation panel of Global Governments and Law Enforcement Agencies will discuss challenges with 
current policies, and their limitations in enforcing privacy, safety, and security in XR. The panel will include a lengthy 
Q&A for hackers to present their thoughts. 


Hackers will get their hands dirty with the Hands-On Haptics Hackathon. They will be given XR headsets within a 
test environment to identify specific vulnerabilities; with extra credit to anyone who finds new ones. 


Hackers will have many different elements of XR to immerse themselves in, challenge their preconceptions of XR, 
and inspire them to learn more. 


VIEEAGES 


DEF CON GROUPS VR (DCGVR) 


DEF CON Groups VR was created with strong support from Jayson E. Street, who 

is the DEF CON Groups Ambassador and close friend. Not all DEF CON Groups 
members can attend DEF CON conference in person due to variety of factors - 
financial hardship, disability, or political (getting a visa is problematic if you live in 
certain countries) 


DEF CON Groups VR brings hackers / DEF CON Groups together in Virtual Reality 
setting. We provide closest experience to being at DEF CON in person and have been 
doing it since DEF CON 28. DEF CON Groups VR events combine ability to socialize 
with like-minded individuals, give/watch presentations, as well as participate in panels 


We will have talks and panels during the day, socializing events in the evenings 


DEF CON Groups VR has a good track record for hosting events. We have a solid team of volunteers dedicated to the 
success and high quality of each event we host. Please review our YouTube channel for glimpse into previous events. 


CONTESTS & EVENTS 


? CUBE 


Hybrid Contest 


Location: DEF CON Contest Area, Forum 
Ballroom 


Friday and Saturday 10:00-18:00, Sunday: 
10:00-12:00 


Are you ready to put your problem-solving skills to the 
test? 


This year, we are proud to introduce a brand new 
contest, designed to push your limits and awaken your 
curiosity. 


— У 


The ? Cube Challenge is not for the faint-hearted. It is a 
multi-layered, complex puzzle that requires you to use 
all your hacking and analytical skills to solve it. 


The cube is loaded with riddles and puzzles that must 
be solved one by one to progress further towards the 
ultimate goal. 


This challenge is not just about solving a puzzle, 
it's about exploring your curiosity and pushing the 
boundaries of your knowledge. 


It's about putting your hacker mindset to work and 
seeing how far you can go. 


With each step, you'll be one step closer to unlocking 
the secrets of the ? Cube Challenge. We know that 
DEF CON attendees are always looking for the next big 
challenge, and we have created the ? Cube Challenge 
with that in mind. 


It is a contest that will test your limits, engage your 
creativity, and push your curiosity to the next level. 
So come and join us at DEF CON 51 and take on 
the ultimate challenge! Who knows, you might just 
walk away with the title of ? Cub Champion and the 
admiration of your fellow hackers. Are you ready to 
take the challenge? 


The above was totally written by ChatGPT. I don't want 
to give out too much information, but basically there is 
going to be a big cube like object that contestants will 
have to deconstruct to find the hidden awesomeness. 

I hope to have challenges spread across multiple 
domains, both online in a jeopardy style ctf as well as 
the physical puzzle of the cube which will be module in 
nature, with each physical puzzle tying to the next. 


http://Ox3fcube.com/ 


SN4CK3Y 


In-person Contest 


Location: DEF CON Contest Area, Forum 
Ballroom 


Friday and Saturday 10:00-18:00, Sunday: 
10:00-12:00 

AND!XOR creates electronic badges that are filled with 
challenges. We love doing this, especially coming up 
with unique ways for hackers to earn them. We are 
excited to re-introduce the newest member of our 
hacker-fam... 5n4ck3y (Snackey). 5n4ck3y is a vending 
machine hardware hacking project, retrofitted into an 


loT CIF based badge dispensing machine, complete 
with bling. To earn a badge, you must find a flag on 
our web hosted CTF platform. Once you have found a 
flag, you will be given a 5n4ck3y dispense code. Enter 
the code into the vending machine and a badge will 

be dispensed to you! There are a variety of challenges 
to earn a badge, as well as challenges to continue 
working on the badge itself once obtained. These span 
from hardware hacking, reverse engineering, OSINT, OS 
& network security to name a few. Hardware hacking 

is our passion and we want people to learn on badges. 
But more importantly, there is a lot to learn at DEF 
CON, so our challenge will hopefully serve a desire to 
learn something new and meet new friends while trying 
to earn a badge and hack it further. We hope you enjoy 
5n4ck3y and all that it has to offer! 


@ANOnXOR 


ADVERSARY 
WARS CTF 


In-person Contest 


Location: DEF CON Contest Area, Forum 
Ballroom 

Friday: 10:00 - 17:00, Saturday: 10:00 - 
17:00, Sunday: 10:00 - 12:00 

Adversary Village proudly presents “Adversary Wars 
СТЕ” a cutting-edge capture the flag competition 
that revolves around adversary attack simulation, 
adversary-threat actor emulation, purple team tactics 
and adversary tradecraft. This unique competition is 
designed to replicate enterprise infrastructure and 
present participants with challenges that encourage 
the adoption of various techniques, tactics, and 
procedures (TTPs) employed by real adversaries and 
threat actors, all within a defined time frame. 


Adversary Village is a community-driven initiative that 
prioritizes adversary simulation, emulation, breach 
and attack simulation, adversary tactics, offensive/ 
adversary tradecraft, philosophy, and purple teaming. 


Our objective is to establish a Capture the Flag 
competition dedicated to adversary simulation, purple 
teaming and knowledge sharing. Adversary Wars offers 
unique opportunities for “adversaries” aka participants 
to simulate attacks, explore new attack vectors, gain 
insights into threat actor profiles, master TTPs, and 
refine offensive tradecraft. With a range of adversary 
simulation exercises at different difficulty levels, this 
CTF promises real-world attack simulation scenarios 
and challenges. 


Previous versions of the Adversary Wars CTF were 
hosted as part of Adversary Village, during DEF CON 29 
and DEF CON 30. 


We are excited to be back at DEF CON as an official 
contest this year. Adversary Wars CTF will be located in 
the contest area for DEF CON 31. 


https://adversaryvillage.org/adversary-events/DEFCON-31/ 
@AdversaryVillag 


AvroDawincGT F 


AUTODRIVING CTF 


In-person Contest 
Location: DEF CON Contest Area, Forum Ballroom 


AutoDriving CTF is a Jeopardy style of CTF game with 
a set of challenges specific to self-driving functions 
and components. The contest offers participants the 
ability to use a simulation-based autonomous driving 
environment (based on the open-source simulators; 
e.g., LGSVL and CARLA) and explore specific attacks 
(such as camouflage stickers, road graffiti, and sensor 
spoofing/hijacking) as well as defense strategies.We 
hope to continue the engagement with the hacking 
community to demonstrate security implications of 
autonomous driving system design decisions through 
hands-on challenges, increase the awareness of 
potential risks in security professionals, and encourage 
them to propose defense solutions and tools to detect 
such risks. 


Twitter: https://twitter.com/autodrivingctf 


BATTLE OF THE BOTS 


Hybrid Contest 
Location: DEF CON Contest Area, Forum Ballroom 
Friday and Saturday 10:00-18:00, Sunday: 10:00-12:00 


Battle of The Bots presents a new twist on traditional 
"King-of-The-Hill" style Capture the Flag events by 
incorporating exploit development, vulnerability 
analysis, reverse engineering and software development 
in the form of developing computer worms aka 
"bots". BOTBs requires competitors to develop proof- 
of-concept exploits against varying misconfigured 

or vulnerable network services. To maximize points 
scored, the competitor's bot must automatically scan 
and compromise network services in the competition 
environment autonomously. Services that are harder 
to exploit (ex: requiring memory corruption exploits 
opposed to misconfigured databases) will result in a 
higher point score for the competitor. 


The vulnerable network services will include real world 
vulnerable services where a competitor can adopt 

off the shelf proof-of-concepts vulnerabilities from an 
offensive security resource (ex: Metasploit Framework, 
exploit-db, packetstorm, etc...) into their bot to achieve 
access to said vulnerable services. Additionally, custom 
built vulnerable services informed by OWASP Top 10 
security bugs as well as CVEs will influence challenge 
development resulting in a competitor to have the 
experience of reverse engineering new applications to 
identify vulnerabilities based on historically significant 
pain points in Software Engineering as well as infamous 
historical CVEs. Battle of The Bots will give competitors 
of all skill levels an opportunity to develop proof-of- 
concept exploits. Network services will be developed 

in a variety of compiled and interpreted languages 

with varying associated vulnerabilities and points. The 
variety of languages will provide opportunities for those 
less experienced with reverse engineering to analyze 


vulnerable Python code to find hidden API endpoints 
that lead to shell execution for example, rather than 
reverse engineer compiled binaries. 


Finally, the BOTBs team will be capturing network traffic 
from the competition environment to later be shared 
with the wider community. The BOTBs team believes 
that this unique dataset of network service attacks can 
act as a unique resource for academic researchers, SOC 
analysts assessing their defenses and training events 
where having attack data for SIEM analysis. The data 
will be released under the Apache 2.0 License and 
hosted publicly on a yet to be determined platform. 


https://battleafthebots.github.io 


BETTING ON 
ЕЯ YOUR DIGITAL 

LAS" WIE RIGHTS: 2ND 
ANNUAL EFF BENEFIT POKER 
TOURNAMENT AT DEF CON 31 


In-person Event 
Location: Off-Site, Horseshoe Poker Room 
Friday 12:00 (11:00 for the pre-tournament poker clinic) 


We're going all in on internet freedom. Take a 

break from hacking the Gibson to face off with your 
competition at the tables—and benefit the Electronic 
Frontier Foundation!Your buy-in is paired with a 
donation to support EFF's mission to protect online 
privacy and free expression for all. Play for glory. Play 
for money. Play for the future of the web. Seating is 
limited, so reserve your spot today. 


We will offer a pre-tournament clinic to help people 
get a refresher on poker so they feel comfortable. This 
contest will be held outside the main conference area; 
it must be held in the Horseshoe Poker Room 


https://www.eff.org/poker 


BLACKS IN 
CYBER VILLAGE 
CTF 


Hybrid Contest 
Location: Forum, Alliance 301-303 


Friday: 12:00 PM - 11:59 PM (in person village closes at 18:00), 
Saturday: 12:00 AM - 5:00 PM 


The year is 2323. You find yourself in an abandoned 
city in the future that is home to a variety of advanced 
technology and systems. You will need to use your skills 
to solve challenges and discover information to use to 
uncover your flags. Along the way, you will learn about 
social justice, privacy, civil rights and surveillance and 
how these can relate to communities and individuals 
as our world explores emerging technologies. This 

is a jeopardy style game with multiple categories in 
Cryptography, Steganography, Exploitation, Forensics, 
Reverse Engineering and more! 


@BlackinCyberCol 


CONTESTS & EVENTS 


BLUE TEAM VILLAGE CTF 


Hybrid Contest 
Location: Blue Team Village, Flamingo, Scenic Ballroom 
Friday CTF begins: 10:30 - 18:00, Saturday: 10:30 - 18:00 (CTF ends) 


The Blue Team Village CTF is a cyber defense CTF 
inspired by a mix of trending nation-state actor kill 
chains and at least one custom insider threat story. 
You are an incident responder tasked to investigate the 
recent attacks against our fictitious company: Magnus 
Tempus Financial. Since Magnus Tempus Financial 
made a vital acquisition expanding its precious metals 
portfolio to oil and gas operational technology (OT), 
you will also investigate their OT environment. 


The CTF challenges contestants to leverage diverse 
cyber defense skills, including Incident Response, 
Forensics, Malware Analysis, Threat Intelligence, and 
Threat Hunting, to be the first team or individual to 
answer or solve the challenges presented. 


The BTV crew developed the CTF to allow anyone, 
regardless of skill or knowledge, to participate, aiming 
to sharpen their cyber defense skills. We believe in 

the idea of choosing your adventure. As a result, 
participants can download a copy of the required 
evidence (logs, packets, etc.) or log into any of the 3 
SIEMs we provide to hunt on. 


If you are new to cyber defense, we highly recommend 
participating in the Blue Team Village Obsidian 
stations. They will cover many of the topics on the CTF 
and will help you along the way! 


@BlueTeamVillage 


THE BOOK EXCHANGE 


10:00 to 16:00, Day(s) to be announced. 
Location: Forum, DEF CON Contest Area 


What's it all about? 


The Book Exchange at DEF CON, will allow for members 
of the community to drop off a used book that has 
been kindly read and may be enjoyable by someone 
else and in return they will be able to select a “new 
gently used” book from the exchange table. 


Why? 


Reading is fundamental. Many of us in the DEF CON 
community have learned and been inspired by books 
and remain avid readers. The DEF CON book exchange 
will allow community members to drop off a book 

that they found inspiring and is sitting on their shelf 
collecting dust and in return they will be able to get a 
new book which hopefully will continue to expand their 
knowledge over the next year. This effort will keep used 
books in circulation. 


When and Where: 


The exchange will be held from 10:00 to 16:00, Day(s) 
to be announced. 


Left over books will be transported and donated to a 
used book store in Las Vegas, but the goal will be to 
have a zero net sum gain. 


CAPTURE THE PACKET 


In-person Contest 
Location: Forum, Packet Hacking Village, Academy 413 
Friday: 09:00-14:00, Saturday: 09:00-14:00, Sunday: 09:00 - 13:00 


The time for those of hardened mettle is drawing near; 
are you prepared to battle? Compete in the world’s 
most challenging cyber defense competition, based 
on the Aries Security Cyber Range. In order to triumph 
over your competitors, contestants must be well 
rounded like the samurai. Tear through the challenges, 
traverse a hostile enterprise class network, and 
diligently analyze what is found in order to make it out 
unscathed. Not only glory, but prizes await those that 
emerge victorious from this upgraded labyrinth. 


This year those brave enough to enter the labyrinth will 
witness never before seen terrors, and only the best 
prepared and battle hardened will manage to escape 
the crucible. Follow us on Twitter or Facebook to get 
notifications for dates and times when your team will 
compete, as well as what prizes will be awarded. 


Web: https://www.capturethepacket.com https://www.ariessecurity.com 


@capturetp , @wallofsheep 


CAR HACKING 
, VILLAGE CTF 


h OST in-person Contest 
[ш ING VILAGE Location: Forum, DEF CON Contest Area 


TOMOTIVE Systeyg 
Friday and Saturday 10:00-18:00, Sunday: 
10:00-12:00 
The Car Hacking Village CTF is a fun interactive 
challenge which gives contestants first hand experience 
to interact with automotive technologies. We work with 
multiple automotive OEM's and suppliers to ensure our 
challenges give a real-world experience to car hacking. 
We understand hacking cars can be expensive, so 
please come check out our village and flex your skills in 
hacking automotive technologies. 


With the largest collection of hackers in one area, 
there’s no better way to understand the security 
state of an industry without bringing it to security 
professionals to break. Over the past 9 years, the 

Car Hacking Village has been the focal point of 
interest for new hackers entering the automotive 
industry to learn, be a part of and actually test out 
automotive technologies. Our contest at the village, in 
combination with many automotive OEMs, Suppliers, 
etc., is used to give people first hand experience on 
cutting edge and at times expensive technologies. 
We plan to use this event to keep drawing attention 
to the automotive security industry through hands-on 
challenges. 


Website: https://www.carhackingvillage.com/ | Community: https://discord.ga/ 
DevtqBZ| àCarHackVillage 


cqmd+ctru 
CMO+CTRL AT DEF CON 31 


In-person Contest 
Location: Forum, DEF CON Contest Area 


First event: Friday 10:00 and ends Friday 16:00, Second event: Starts 
Saturday at 10:00 and ends Saturday at 16:00 


CMD+CTRL Cyber Range is an interactive learning and 
hacking platform where development, security, IT, and 
other roles come together to build an appreciation 
for protecting the enterprise. Players learn security 
techniques in a real-world environment where they 
compete to find vulnerabilities. Real-time scoring 
keeps participants engaged and creates friendly 
competition. Our Cloud and App Cyber Ranges 
incorporate authentic, fully functioning applications 
and vulnerabilities often found in commercial web 
platforms. 


Learn to see web applications and services from an 
attacker's perspective. CMD+CTRL is a hacking game 
designed to teach the fundamentals of web application 
security. Explore vulnerable web applications, 

discover security flaws, and exploit those flaws to earn 
points and climb up the scoreboard. After attacking 
an application for yourself, you'll have a better 
understanding of the vulnerabilities that put real 
applications at risk - and you'll be better prepared to 
find and fix those vulnerabilities in your own code. 


At DEF CON 51: We will be debuting our latest Cyber 
Range, which focuses on exploiting a modern health 
record management system, dubbed ShadowHealth. 
Inspired by the latest trends and real world exploits, 
try your hands exploiting: SSRF Log4Shell, reverse 
engineering, local privilege escalation, password 
cracking, XXS, and so much more! With over 35 
challenges do you think you can complete them all? 


(Qemdnctrl defcon 


CRACKMEIFYOUCAN 


In-person Contest 
Location: Forum, DEF CON Contest Area 

e Friday and Saturday 10:00- 
Ko re Lo gi C 18:00, Sunday: 10:00-12:00 
SECURITY The premiere password 


cracking contest 
“CrackMelfYouCan” is back again. 


Passwords so two-thousand and late. Remember, 
remember, the cracks of November. 


We're preparing hashes from easy to hard, so there'll be 
something for you if you want to compete casually as a 
Street team, or go all out in Pro. 


Where we're going, we don't need roads. Purely a 
penchant for puzzles, perhaps a plethora of processors. 


Check out past years' contests at https://contest. 
korelogic.com/ , and the Password Village at https:// 
passwordvillage.org/ 


https://contest.korelagic.com/, 


CREATIVE WRITING SHORT 
STORY CONTEST 


Online Contest 
Location: Onlline Pre-Con 


The DEF CON Short Story contest is a pre-con contest 
that is run entirely online utilizing the DEF CON forums, 
Twitter, and reddit. This contest follows the theme of 
DEF CON for the year and encourages hackers to roll 
up their sleeves, don their proverbial thinking cap, and 
write the best creative story that they can. The Short 
Story Contest encourages skills that are invaluable in 
the hacker’s world, but are often overlooked. Creative 
writing in a contest setting helps celebrate creativity 
and originality in arenas other than hardware or 
software hacking and provides a creative outlet for 
individuals who may not have another place to tell their 
stories. 


More Info: @dcshortstory 


The contest is run pre-con. The proposed contest will 
run from May 1, 2023 to June 15, 2023. Judging will 
run from June 16, 2023 to June 30, 2023. Winners will 
be announced July 8, 2023. 


@dcshortstory 


CYCLEQVERRIDE 
DEF CON BIKE 
RIDE 


In-person Event 
Location: Off-Site 


CYCLE 


Friday 06:00 


At 6am on Friday, the @cycle_override crew will be 
hosting the 11th DEF CON Bikeride. We'll meet at a 
local bikeshop, get some rental bicycles, and about 
7am will make the ride out to Red Rocks. It’s about a 
15 mile ride, all downhill on the return journey. So, if 
you are crazy enough to join us, get some water, and 
head over to cycleoverride.org for more info. See you at 
бат Friday! @jp_bourget @gdead @heidishmoo. Go to 
cycleoverride.org for more info. 


https://cycleaverride.org/ 


V 


DARKNET-NG 


In-person Contest 
Location: Forum, DEF CON Contest Area 


Friday and Saturday 10:00 - 16:30 pm 
(Contest shut down overnight), Sunday: 
10: 00 - 12:00 (Contest ends at noon, and 
contest results to contests by 13:00} 


Darknet-ng. network 


Darknet-NG is an In-Person Massively Multiplayer Online 
Role Playing Game (MMO-RPG), where the players take 
on the Persona of an Agent who is sent on Quests to 
learn real skills and gain in-game points. If this is your 
first time at DEF CON, this is a great place to start, 
because we assume no prior knowledge. Building 

from basic concepts, we teach agents about a range 
of topics from Lock-picking, to using and decoding 
ciphers, to Electronics 101, just to name a few, all 
while also helping to connect them to the larger DEF 
CON Community. The "Learning Quests" help the agent 


CONTESTS & EVENS 


gather knowledge from all across the other villages at 
the conference, while the “Challenge Quests” help hone 
their skills! Sunday Morning there is a BOSS FIGHT 
where the Agents must use their combined skills as a 
community and take on that year’s challenge! There 

is a whole skill tree of personal knowledge to obtain, 
community to connect with and memories to make! 

To get started, check out our site https://darknet-ng. 
network and join our growing Discord Community! 


Mastodon: https://defcon.social/@DarknetNG 
https://darknet-ng.network 
@DarknetNg 


DC KUBERNETES CAPTURE 
THE FLAG (CTF) 


Online Contest 
Location: Online 
Friday 10:00-20:00, Saturday 10:00-17:00 


The DEF CON Kubernetes Capture the Flag (CTF) 
contest features a Kubernetes-based CTF challenge, 
where teams and individuals can build and test their 
Kubernetes hacking skills. Each team/individual 

is given access to a single Kubernetes cluster that 
contains a set of serial challenges, winning flags and 
points as they progress. Later flags pose more difficulty, 
but count for more points. 


A scoreboard tracks the teams’ current and final 
scores. In the event of a tie, the first team to achieve 
the score wins that tie. 


https://containersecurityctf.com/ 


@ctfsecurity 


sticker, design contest 


DC STICKER 
DESIGN CONTEST 


online Contest 


Location: Onlline Pre-Con 


Ancient warriors used tattoos as a means of indicating 
rank in battle; it was the sort of mark that told the 
tales of their various conquests - their struggles and 
triumphs. Similarly, traversing the halls of DEF CON, 
one can see more modern versions manifesting as 
stickers - especially on laptops and other electronic 
equipment. 


We use stickers to break the ice with strangers, as a 
barter currency, to tell the tales of our struggles and 
triumphs. After all, is a hacker really a hacker without a 
laptop adorned with these markings? 


Here’s your chance to be part of hacker culture, by 
creating something that people around the world will 
treasure and proudly display. Submit original artwork in 
the theme of the con, that you believe best exemplifies 
hacker culture, that will be used as printed stickers. 


On your marks... Make your mark. 


GillnfosecStickers(Gitwitter), @stickers@defcon.social 


Е TOURNAMENT AT 
DEF CON 


In-person Contest 
Location: Forum, DEF CON Contest Area 
Saturday 15:00 - 18:00 


Chess, computers, and hacking go way back. In the 
18th century, the Mechanical Turk appeared to play a 
good game, but there was a human ghost hiding in the 
shell. Some of the first computer software was written 
to play chess. In 1997, world champion Garry Kasparov 
lost to the program Deep Blue, but after the match 

he accused IBM of cheating, alleging that only a rival 
grandmaster could have made certain moves. 


At DEF CON 31, we will run a human chess tournament. 
The games will have a “blitz” time control of 5 minutes 
on each player's clock, for a maximum total game 
time of 10 minutes. The tournament will have a Swiss- 
system format, with a fixed number of rounds. The 
match pairing for each round is done after the previous 
round has ended, and depends on its results. Each 
player is paired with another player who has a similar 
running score. 


To determine the winner, the Swiss system is 
considered highly effective, even when there is a large 
number of competitors and a small number of rounds. 
Every player gets to play the full tournament, and the 
winner has the highest aggregate score when all rounds 
are over. 


There will be trophies and prizes for the top three 
players. 


The tournament mechanics will be managed by the 
Las Vegas Chess Center (LVCC), which has many years 
of experience in organizing royal game tournaments 
for all strength levels and ages. LVCC has professional 
coaches, and grandmasters are frequent visitors. 


https://forum.defcon.org/node/241371 


@defconchess 


@chessdefcon 


DEF CON 
SCAVENGER 
HUNT 


In-person Contest 
Location: Forum, DEF CON 
Contest Area 


Friday and Saturday 10:00-18:00, Sunday: 10:00-12:00 
Are you tired of being an NPC, mindlessly standing 


in line at a hacker con? Do you want to be involved 
and improve the hacker community? The DEF CON 


Scavenger Hunt is here to encourage you to interact 
with goons and attendees alike; to be an active 
participant of DEF CON itself. 


Come visit the DEF CON Scavenger Hunt table in the 
contest area and get a list, register your team of 1 to 5 
players, and gather or accomplish as many items from 
the list as you can. Items are submitted at the table, 
better than average submissions shall be awarded 
bonus points. The team who turns in the most points 
by Sunday at noon will win the admiration of your like- 
minded peers. 


The DEF CON Scavenger Hunt is one of the longest 
running contests at DEF CON, visit https:// 
defconscavhunt.com for a history lesson. 

If you capture pictures or video of items from our list, 
or have in the past, please send them to us via email 
scavlist@gmail.com. 


@defconscavhunt 


DC’S NEXT TOP THREAT 
MODEL (DCNTTM) 


Hybrid Contest 
Location: Forum, DEF CON Contest Area 
Friday and Saturday 10:00-18:00 


Threat Modeling is arguably the single most important 
activity in an application security program and if 
performed early can identify a wide range of potential 
flaws before a single line of code has been written. 
While being so critically important there is no single 
correct way to perform Threat Modeling, many 
techniques, methodologies and/or tools exist. 


As part of our challenge we will present contestants 
with the exact same design and compare the outputs 
they produce against a number of categories in order 
to identify a winner and crown DEF CON's Next Top 
Threat Model(er). 


@ThreatModelUs 


DEF CON MUD DUMB 
TERMINAL EDITION 


In-person Contest 

Location: Forum, DEF CON Contest Area 

Friday & Saturday 10:00 - 18:00, Sunday 10:00 to 12:00 

The DEF CON MUD is back, this time you can only 
access it over dumb terminals or serial terminals 
hosted by the DEF CON SCAV Hunt. Flags will be hosted 
inside the mud, good luck, have fun, and oh yes the 
game has exploits, can you find them all? 


DEFCON.RUN 


In-person Event 

Location: Off-Site 

Thursday: bam to 10AM, Friday: bam to 10am, Saturday: bam to 10am, 
Sunday: Шат 


Defcon.run is an evolution of the now long running DEF 
CON 4x5K running event. Due to stupendous growth, 
we've been forced to change up the format. This year's 


activity will look to match up folks for fun runs, and 
rucks (!), in small distributed groups around Las Vegas. 
It's the same old event but at a distributed scale! 


Show up in the morning, go for a run with folks, have a 
good time! 


We'll have a full set of routes for people to choose from 
from simple 5Ks to more ambitious distances. Full 
Information at https://defcon.run 


we OUNGEONS@DEF 
` ган 


Hybrid Contest 
Location: Forum, DEF CON Contest Area 
Friday & Saturday 10:00 - 18:00 


D@D is a table-top/RPG themed puzzling campaign 

for teams of 1-4 players. As part of the campaign, 
teams will unravel crypto challenges, solve physical 
puzzles, and do other side-quests that will have them 
interacting with different components of the DEF CON 
community (villages, goons, NPCs, local wildlife, trolls, 
etc.) to earn points and progress through a narrative. 
The theme changes each year, but typically is based 
loosely on a popular table-top game that fits the theme 
for DEF CON. Teams learn how to work cooperatively to 
solve large puzzles, and learn how to solve puzzles that 
they may have seen in CTFs, escape rooms, or other 
puzzle venues. The contest is designed to be accessible 
to all technical levels and all ages. 


Pre-registration will occur online the week before con 
(announced via Twitter) as well as Friday morning at 10 
in person, first come first served until we have enough 
teams filled. Contest will start at 12:00 on Friday 


http://www.dungeonsatdefcon.com/ 


EFF TECH TRIVIA 


In-person Event 
Location: Forum, DEF CON Chillout Lounge 


ED TI 


Saturday 18:00-20:00 


EFF's team of technology experts have crafted 
challenging trivia about the fascinating, obscure, and 
trivial aspects of digital security, online rights, and 
Internet culture. Competing teams will plumb the 
unfathomable depths of their knowledge, but only the 
champion hive mind will claim the First Place Tech 
Trivia Prize (TBD) and EFF swag pack. The second and 
third place teams will also win great EFF gear. 


https://www.efforg 


EMBEDDED CTF 


In-person Contest 


Location: Embedded Systems Village, Flamingo, 
Reno 2 


Friday & Saturday 10:00 - 18:00, Sunday: 10:00 
-14:00 


Embedded systems are everywhere in our daily lives, 
from the smart devices in our homes to the systems 
that control critical infrastructure. These systems exist 
at the intersection of hardware and software, built to 
accomplish a specific task. However, unlike general- 
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purpose computers, embedded systems are typically 
designed for a particular use case and have limited 
resources. This makes them both challenging and 
fascinating to work with, especially from a security 
perspective. 


The Embedded CTF contest is an exciting opportunity 
to explore the intricacies of these systems and test 
your skills in a competitive environment. Contestants 
are challenged to find vulnerabilities in the firmware or 
hardware and exploit them to gain access or control 
over the device. The contest offers a unique opportunity 
to explore embedded devices’ inner workings and 
understand their design’s security implications. 


New devices will be dramatically introduced at set 
intervals throughout the competition, and point 
values will decrease over time. This keeps contestants 
guessing and on their toes, forcing them to adapt and 
use their skills to tackle new challenges. It also offers 
a chance to learn about different types of devices and 
how they function, broadening participants’ knowledge 
and experience. 


By participating in the contest, teams of up to 6 
contestants can develop a deep understanding of how 
these systems operate and how to secure them against 
potential attacks. Additionally, the contest encourages 
participants to think outside the box and approach 
problems creatively, honing their problem-solving skills. 


With the increasing integration of technology in our 
daily lives, embedded devices are becoming more 
ubiquitous. Whether you're a seasoned security 
professional or just starting in the field, this contest 
offers a chance to learn, test your skills, and have fun 
in a dynamic and competitive environment. 


@EmbeddedVillage 


LIAS = MAN) 
HAC-MAN 


Hybrid Contest 
Location: Forum, DEF CON Contest Area 
Begin: Thu Aug 10th at 08:00, End: Sun Aug 13th at 12:00 


Hac-Man is a hacker skills challenge, themed after the 
classic arcade game “Pac-Man”. Navigate your avatar 
through the maze, completing skills challenges in 
many different skills categories such as Ciphers and 
Codes, Reverse Engineering, Packet Analysis, Scavenger 
Hunt, Trivia, and Lock-picking. Can you make it to the 
end of the maze, or better yet, top the Leaderboard? 


https://hacman.roguesignal.ia/ 


@Hac Man 


HACK-A-SAT 4 (HAS4) 


In-person Contest 
Location: Forum, DEF CON Contest Area 


Friday and Saturday 10:00 — 18:00 (active game hours), Sunday 12:00 
- 13:30 (HAS4 closing ceremony in Aerospace Village) 


The Department of the Air Force, in collaboration with 
the security research community, is hosting Hack-A-Sat 
4 - the world's first CTF in space. Hack-A-Sat 4 aims 

to enable security researchers of all levels to focus 
their skills and creativity on solving cyber security 
challenges on space systems and incentivize innovation 
in securing these systems. Hack-A-Sat 4 will be the first 
CTF hosted on an on-orbit satellite, called Moonlighter. 
The satellite has been designed and built to advance 
the security research community's skills and knowledge 
of on-orbit space systems. Note: HAS4 is no longer 
open to new contestants as the qualifying event 

took place in April. Attendees stopping by the HAS4 
contest area will be able to learn about the history of 
Hack-A-Sat, Moonlighter and this year's challenges. 
The area will have live scoreboards, dashboards 

and visualizations relaying game status, and live 
commentary will be provided from the adjacent 
Aerospace Village throughout the weekend. 


HAS4 Qualifications were held April 1-2, 2023. 


Results here: https://quals.2023.hackasat.com/ 
scoreboard/complete 


HACK3R RUNWGY 


In-person Contest 
Location: Forum, DEF CON Contest Area 


Friday and Saturday, 14:00 - 16:00, Signup to walk the Contest Stage/ 
Runway 15:30-16:30, Stage show 17:00 - 18:00 


Returning to the stage for DEF CON 50 was surreal 
and we'd be honored to return for the 5th year. Hack3r 
Runw@y brings out all the sheik geeks out there. It 
encourages rethinking fashion in the eyes of hackers. 
Be it smartwear, LED additions, obfuscation, cosplay 
or just everyday wear using fabrics and textures that 
are familiar to the community. Contestants can enter 
clothing, shoes, jewelry, hats or accessories. If it can 
be worn, it is perfect for the runway. For convenience, 
contestants can enter the contest with designs made 
ahead of the conference, however it needs to be made 
by them and not just store bought. Hack5r Runway is 
perfect for everyone whether technologically savvy or 
just crafty. 


Awards will be handed out in 4 categories and one 
trophy for the People's Choice category where the 
winner is anyone's guess: 


Digital wearable - LED, electronic, passive 


Smart wear - interactive, temperature sensing, mood 
changing, card skimmers, etc 


Aesthetics (non-electronic)- 3d printed, geeky/nerdy 
wear, obfuscation, cosplay 


Functional wear - did you bling out your mask and/or 
shield, have a hazmat suit, lock pick earrings, cufflinks 
shims 


Winners will be selected based on, but not limited to: 


Uniqueness, Trendy, Practical, Couture, Creativity, 
Relevance, Originality, Presentation, and Mastery 


https://hack3rrunway.github.io 


@hack3rrunway 


М HACKER 


VERS JEOPARDY 


In-person Contest 
Location: Forum, Room 232 
Friday and Saturday 20:00 - 22:00 


Lintile: Hiya, ChatGPT, are you aware of the annual 
contest called Hacker Jeopardy at DEF CON? When is 
it? 

ChatGPT: Yes, Hacker Jeopardy is a popular event 

at DEF CON. It’s a parody of the television game 

show ‘Jeopardy!” but with a twist. Instead of general 
knowledge, the questions (or “answers,” in Jeopardy 
style) are focused on hacker culture, computer security, 
technology, 


and similar topics. The game consists of two 
preliminary rounds on Friday, and a final round on 
Saturday. Both shows start at 2000 Las Vegas time. 
Just like in the original game show, there are DFIU 
Doubles and a Final Hacker Jeopardy round. 


One unique aspect of Hacker Jeopardy that 
distinguishes it from the TV show is the incorporation 
of ADULT HUMOR, vulgarity, innuendo, and beer into 
the game. 


Please remember, my knowledge is current only up to 
September 2021, and if there have been any significant 
changes to Hacker Jeopardy after that, I would not be 
aware of them. 


Lintile: What's the catch phrase of Hacker Jeopardy? 


ChatGPT: The catch phrase of Hacker Jeopardy is “Drink 
while you think". This refers to the unique element of 
the game where contestants are encouraged to drink 
beer while they are attempting to come up with the 
correct response to the clues. 


Lintile: That's not correct. The acronym of the catch 
phrase is DFIU. 


ChatGPT: I apologize for the oversight. The catchphrase 
for Hacker Jeopardy at DEF CON is "Don't Forget It's 
UNIX" (DFIU), which is used humorously due to the 
historically significant role of Unix-based systems in 
hacking and network security. This phrase is often used 
to remind participants of the roots of many computer 
systems and infrastructures. 1 appreciate your patience 
and your correct information. 


Note that this is an ADULT show with vulgarities and 
alcohol consumption, but if that doesn't bother you, 
come enjoy one of the largest contests at DEF CON 
that you really need to see to believe! And as always, 
DFIU! 


HACKER ИЧ 
Pe KARAOKE 


In-person Event 
Location: Forum, Room 214-216 
Friday & Saturday 20:00 - 02:00 


For those who love to sing and perform in front of 
others, we are celebrating our 15th year of Love, 
Laughter, and Song from 8 PM to 2 AM Friday and 
Saturday night. 


We are open to everyone of any age, and singing 
is not required. For more information visit: https:// 
hackerkaraoke.org or @hackerkaraoke@defcon.social 


@hackerkaraoke@defcon.social 


HACKFORTRESS 


In-person Contest 
Location: Forum, DEF CON Contest Area 


Friday 10:00 - 18:00 (open play), Saturday 
10:00 - 18:00 ( Contest) 


Hackfortress is a unique blend of Team Fortress 2 and 
a computer security contest. Teams are made up of 

6 TF2 players and 4 hackers, TF2 players duke it out 
while hackers are busy with challenges like application 
security, network security, social engineering, or reverse 
engineering. As teams start scoring they can redeem 
points in the hack fortress store for bonuses. Bonuses 
range from crits for the TF2, lighting the opposing 
team on fire, or preventing the other teams hackers 
from accessing the store. HackFortress challenges 
range from beginner to advanced, from serious to 
absurd. 


hackfortress.net 


@tf2shmoo 


(б) HAM RADIO 
Be EXAMS 


In-person Event 
Location: Ham Radio Village, Flamingo, Laughlin 
Friday 13:00-15:00, Saturday 11:00-17:00, Sunday 11:00-13:00 


Ham radio is the original group of electronic hackers, 
starting long before computers, circuit chips, or 
even transistors. Continuing this pioneer spirit, The 
Ham Radio Village is offering free ham radio exams 
again at DEF CON 31! All are welcome to come and 
take the exam and get their amateur radio license 
upon passing. All three levels (technician, general, 
and amateur extra) of exams will be offered during 
DEF CON 31 at the Ham Radio Village. Examinees 
are encouraged to study the question pool and take 
practice exams on ham.study. 


https://hamvillage.org/ 


@HamRadioVillage on twitter and defcon.social 


For Pwning > NV > Las Vegas > 89109 


NAUTILUS 
INSTITUTE 


We're pleased to welcome you 

back to DEF CON Capture the Flag 
(CTF) for our second year. We'd 

like to give a huge shout out to all 
the players in the CTF community 
who've worked with us through the 
process of building the game we 
want to run. We know there's a lot of 
work that goes in to fielding a hack- 
ing team, whether you're a hundred 
strong super team trying for the 
eight black badges, a midsize team 
of friends or colleagues enjoying a 
fun weekend together, or flying solo 
trying to land that category you've 
never attempted before. It's a tough 
game and we're glad you're playing. 


34,674,885 SandDollars 
Est. Mortgage 1337 SandDollars 


еее 


Blue Water 


The Parliament of Ducks 


orgakraut 
SuperDiceCode 
TWN48 

Straw Hat 
Norsecode'23 
mhackeroni 

P1G BuT SAD 
Shellphish 
undef1ned 

HypeBoy 
PTB_WTL_OT 
Katzebin 

if this doesn't work... 
Never Stop Exploiting 
untitled 

Team Baguette 

JMP FS:[RCX] 


tasteless 


3753 
3499 
3466 
3398 
3236 
3204 
3090 
2920 
2745 
2500 
2481 
2417 
2156 
2112 
2083 
2078 
1590 
1369 
1284 

1211 


This year’s qualifiers featured all new challenges, with binaries and web 
sockets, rop chains and real estate, and occasional hot properties from 
our pals at LiveCTF. 


Get Qualified 


This year, we're bringing twelve teams to finals. If you want to put ina 
bid for our 2024 game, either win this year, place high in our qualifiers 
early 2024, or keep an eye out for other qualification opportunities on 
https: //nautilus. institute . 


Take a Tour 


Our contest area hosts teams that have traveled from all over the world 
to compete. Please be considerate of their hard work and dedication 

to the game and try not to break their concentration. Nautilus Institute 
members can be identified by our lab coats and may be free to answer 
your questions, and of course watching the contest respectfully is always 
welcome. 


We plan to host a LiveCTF tournament as part of our contest from Friday 
to Sunday; check the schedule on https://nautilus.institute for some high 
stakes real time hacking hijinks. 


Thanks 


Thank you to the DEF CON community for helping us grow the compet- 
itive hacking community and thank you to everyone in the hacking and 
CTF world for letting us contribute and share this experience with you. 
Huge thanks to the DEF CON goons for making DEF CON what it is to- 
day, and special thanks to DT and the DEF CON contest and events crew 
for making this possible at all. We hope you enjoy DEF CON CTF 2023! 


https: //nautilus. institute 
https: //defcon.social/@nautilusinstitute 


CONTESTS & EVENS 


HAM RADIO FOX HUNTING 
CONTEST 


In-person Contest 
Location: Forum, DEF CON Contest Area 
Friday and Saturday 10:00-18:00, Sunday: 10:00-12:00 


In the world of amateur radio, groups of hams will 
often put together a transmitter hunt (also called 

“fox hunting”) in order to hone their radio direction 
finding skills to locate one or more hidden radio 
transmitters broadcasting. The DEF CON Fox Hunt will 
require participants to locate a number of hidden radio 
transmitters broadcasting at very low power which are 
hidden throughout the conference. Each transmitter 
will provide a clue or code which will prove the player 
found the fox transmitter. A map with rough search 
areas will be given to participants to quide them on 
their hunt. Additional hints and tips will be provided 
throughout DEF CON at the contest table to help 
people who find themselves stuck. A small prize to 

be determined will be given to each participant who 
locates all of the foxes each day. 


Expanded this year with increased difficulty each day. 
Friday: Foxes in a small area, non moving 
Saturday: Foxes in a larger area, with one moving. 
Sunday: Foxes are on the move. The hunt is on! 


There will also be a beginner friendly, no radio 
required, Infrared LED Fox Hunt running everyday which 
participants can use their cameras on their phones to 
find! 


defcondlfoxhunt.com 


HARDWARE 
HACKING VILLAGE 
CTF 


In-person Contest 
Location: Forum, Alliance 318 


С T F Friday and Saturday 10:00-18:00 


Heat up your soldering iron and 
freshen the batteries in your multimeter! The Hardware 
Hacking Village (HHV) is hosting their first official DEF 
CON Capture the Flag (CTF). This is a jeopardy style СТЕ 
designed to challenge participants in various aspects 
of hardware hacking. Whether you're new to hardware 
hacking or experienced and just looking for something 
to do while you wait for your fault injection to trigger, 
all are welcome and challenges range from beginner to 
advanced. 


(dc hhv 


HARDWIRED 


In-persan Contest 

Location: Forum, Packet Hacking Village, Academy 413 

Friday: 09:00-14:00, Saturday: 09:00-14:00, Sunday: 09:00 - 13:00 
Have you ever built a hardwired network? It sounds 
simple. Follow the cabling diagram, use the crimpers, 
and voila. But we've added a twist: this is cable 
construction on the clock. Whether you're a seasoned 
pro or a complete newbie, we provide all the tools 
necessary for you to hone your skills and race against 
time to create and test a working cable. Come play 
HardWired and show us what you've got! 

Web: https://www.capturethepacket.com https://www.ariessecurity.com 


@capturetp, @wallofsheep 


INTELOPS - 
OPERATION 
SPACEWATCH 


In-person Contest 
Location: Forum, DEF CON Contest 


(NTELOPS 


OPERATION SPACEWATCH 


Area 
Friday 10:00 — 18:00 


Welcome to IntelOps - Operation Spacewatch! This is 
a game that pits you against threat actors in the near 
future, who are trying to trigger nuclear war! Using 
cyber threat intelligence, it is up to you to support 
cyber protection teams to defend a vital satellite 
constellation and prevent a hacker network from 
undermining your collective defense in a race against 
time. 


@CTI_operations 


IDT VILLAGE CTF 


In-person Contest 


Т Forum, IOT Village, Alliance 


Friday and Saturday 10:00-18:00, Sunday: 


VILLAGE 29400 


Hosted in IoT Village, teams of 
1-6 players compete against one another by exploiting 
off-the-shelf IoT devices. This has been completely 
redesigned from previous contests, and features real- 
world devices that all have real-world vulnerabilities 
with real-world impacts. 


This CTF is open to anyone! It is approachable for entry 
level people to experience getting their first root shell 
on IoT, but to really advance in this CTF teams will need 
to perform detailed vulnerability research, hardware 
hacking, firmware analysis, reverse engineering, and 
limited exploit development. 


CTFs are a great experience to learn more about 
security and test your skills, and the IoT CTF provides 
the most realistic hacking experience around! So, join 


up in a team (or even by yourself) and compete for fun 
and prizes! Exploit as many as you can during the con 
and the top three teams will be rewarded. 


https://scarehaard.iatvillage.org/' 


IT'S IN THAT PLACE WHERE I 
PUT THAT THING THAT TIME 


In-person Contest 
Location: Forum, DEF CON Contest Area 
Friday and Saturday 10:00-18:00 


Your friend called. They had their place raided. They 
swear it's a setup. But now they're in jail and you're the 
only hope they have. Can you collect the evidence that 
will let them walk free? Where should you look? The 
evidence is everywhere, and it could be anywhere. You 
might be sitting on it. You might be standing near it. It 
might be stuck to something. It might be lying in plain 
sight. Find the disks and bring them to us. All they said 
to you before they hung up was "It's in that place where 
I put that thing that time." Good luck. 


Giitpwiptttt 


MAPS OF THE 
DIGITAL LANDS 


In-person Contest 


Location: Forum, DEF CON Contest 
Area 


Friday and Saturday 10:00-18:00, Sunday: 
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10:00-12:00 


Maps of the Digital Lands is an all-ages contest that 
challenges participants to merge their artistic talents 
with their technical expertise. Contestants will be 
provided with a diverse array of written business 
designs and must hand-draw a network diagram 
illustrating the structure and interconnectivity of each 
business's infrastructure. Judging will be based on 
accuracy, adherence to best practices, and artistic 
prowess. In addition, a captivating Capture the Flag 
scenario will be available for extra points, employing 
a digital tool to elevate the challenge. Participants of 
all skill levels are encouraged to join this immersive 
experience, compete for assorted prizes, and showcase 
their unique ability to blend artistry with network 
engineering excellence. Network engineering is a 
crucial yet frequently overlooked aspect of hacking, 
forming the backbone of a secure and efficient cyber 
ecosystem. By honing their network engineering 
skills, participants can elevate their abilities beyond 
mere script kiddie status, gaining a comprehensive 
understanding of system vulnerabilities and 
strengthening their overall hacking prowess. 


https://alienvualt.com/ 
Booking CTF slots at https://alienvualt.com/ctf 


OCTOPUS GAME 


In-person Contest 


Location: Forum, DEF CON Contest 
Area 


Friday and Saturday 10:00 - 14:00, Sunday 
10:00-12:00 

Octopus Game is back for a second year! This contest 
is a battle royale style competition where fun and 
friendship is the goal. This year players will meet 
together in various locations at the same time for 
group competition through through fun games. 128 
players will enter, but only 1 will be crowned the 
Octopus CHAMPION. Join us, make some new friends 
and remember: only the best will prevail! 


https://www.mirolabs.info/octopusgamedc3l 


@OctopusGameDC, https://defcon.social/@0ctopusGame 


PHISH STORIES 
@)Phish 
Stories 


Online Contest 
A creative writing contest to craft the perfect phishing 
email in several categories. Read the entries and check 
out the winners on the DEF CON Forums at https:// 
forum.defcon.org/node/246072 or on https://media. 
defcon.org 


Location: Onlline Pre-Con 


@phishstories 


PTFS PRESENTS: MAYHEM 
INDUSTRIES - STARPHISH 


Contest 
Location: DEF CON Contest Area, Forum Ballroom 
Friday 10:00 - 20:00, Saturday 10:00 - 20:00, Sunday 10:00 to 12:00 


Do you have what it takes to go up against Mayhem 
Industries’ latest maleficent project? Starphish Ltd. is 
up to no good in that way that only corporations can 
be. They've got five Divisions, which means you've got 
five opportunities to shut them down! 


It won't be easy. You'll be directing a team of infiltrators 
through increasingly difficult challenges. What sort of 
challenges? Depends on the Division. Engineering is 
full of crunchy hacking challenges. HR's got the goods 
on social engineering. Finance'll be data processing 
the whole way. 


And the C-suite? Most dangerous of all... We've never 
been able to get an operative inside, so they could be 
anything. We're counting on you. 


Starphish is a fun and interactive jeopardy style CTF 
contest. Don't worry if you don't know what that 
means. Winning will require demonstrating a wide 
range of hacking skills, but participating is encouraged 
for all ability levels. Challenges range from simple 
puzzles, to challenging crypto problems, to truly phishy 
hijinks. 

pTFS is a hacker collective that has been competing in 
various DEF CON contests for almost 15 years. 


https://otfs.team/de31 


CONTESTS & EVENS 


PUB QUIZ AT DEF CON 


in-person Contest 

Location: Forum, DEF CON Chillout Lounge 

Friday 18:00-20:30 

Do you like Pub Quiz please join us in participating in 
the first every DEF CON Pub Quiz. Quiz will consist of 7 
rounds from Question from 90s TV shows, Movies, and 
DEF CON questions. The quiz will be theme will be all 
things DEF CON. There will be visual and audio rounds 
so not just boring questions. People will group into 
teams of 5 and a cash prize will be provided for 1st, 
2nd, and 3rd high scoring groups. Ties will be broken 
by a dance off from a person of the tied teams. 


15 Prize $1,000, 2nd Prize $300, 3rd Prize $200 


RADIO 
FREQUENCY 
CAPTURE THE 
FLAG 


Hybrid Contest 


Location: Flamingo, Radio Frequency Village, Eldorado Ballroom 
Friday and Saturday 10:00-18:00, Sunday: 10:00-14:00 


Do you have what it takes to hack WiFi, Bluetooth, and 
Software Defined Radio (SDR)? 


RF Hackers Sanctuary (the group formerly known 

as Wireless Village) is once again holding the Radio 
Frequency Capture the Flag (RFCTF) at DEF CON 31. 
RFHS runs this game to teach security concepts and 
to give people a safe and legal way to practice attacks 
against new and old wireless technologies. 


RE 


We cater to both those who are new to radio 
communications as well as to those who have 

been playing for a long time. We are looking for 
inexperienced players on up to the SIGINT secret 
squirrels to play our games. The RFCTF can be played 
with a little knowledge, a pen tester’s determination, 
and $0 to $$$$$ worth of special equipment. Our 
new virtual RFCTF can be played completely remotely 
without needing any specialized equipment at all, just 
using your web browser! The key is to read the clues, 
determine the goal of each challenge, and have fun 
learning.https://rfhackers.com 


(rf ctf and @rfhackers 


RED ALERT ICS CTF 


Contest 
Friday: 12:00 - 17:00, Saturday: 10:00 - 17:00, Sunday: 10:00 - 12:00 
Location: DEF CON Contest Area, Forum Ballroom 


Red Alert ICS CTF is a competition for Hackers by 
Hackers. The event exclusively focuses on having the 
participants break through several layers of security 
in our virtual SCADA environment and eventually take 
over complete control of the SCADA system. 


The contest would house actual 
ICS (Industrial Control System) 
devices from various vendors on 
a testbed showcasing different 
sectors of critical infrastructure. 
The participants would be able to 
view and engage with the devices 
in real time and understand how 
each of them control each of the aspects of the testbed 
and leverage this to compromise the devices. 


Red Alert ICS CTF is back with a ton of fun challenges 
after successfully running the CTF at DEF CON 30, DEF 
CON 29, DEF CON 27 and DEF CON 26 (Black Badge). 
Highlights of the previous Red Alert ICS CTF is available 
at: https://www.youtube.com/watch?v-dz7hNnavHaY 
and https://youtu.be/AanKdrrQOuO 


Qicsctf 


RED TEAM CTF 


Hybrid Contest 
Location: Forum, DEF CON Contest Area 
Friday and Saturday 10:00-18:00, Sunday: 10:00-12:00 


The Red Team Capture the Flag (CTF) competition 

at DEF CON is a challenging and exciting event that 
tests the skills of participants in offensive security. 
The objective of the Red Team CTF is for teams to 
successfully breach the security of a simulated target 
network. 


Red Alert 


The Red Team CTF is designed to simulate real-world 
scenarios in which attackers attempt to penetrate 

the security of a network or system. Participants are 
expected to use a wide range of hacking techniques, 
tools, and skills to identify and exploit vulnerabilities in 
the target network. 


Teams are typically composed of experienced hackers, 
penetration testers, and security researchers who 
have a deep understanding of the latest cybersecurity 
threats and attack techniques. They must work 
together to uncover and exploit vulnerabilities in the 
target network, while also evading detection and 
countermeasures put in place by the Blue Team. 


The Red Team CTF at DEF CON is considered one of the 
most challenging and prestigious CTF competitions in 
the world, with participants coming from all over the 
globe to compete. It is a high-pressure, high-stakes 
event that tests the limits of participants’ technical and 
strategic abilities, and offers a unique opportunity to 
showcase their skills and knowledge in front of a global 
audience of Hackers. 


https://threatsims.com/redteam-2023.html. 


SOCIAL 
ENGINEERING 
COMMUNITY 
(SEC) VISHING 
COMPETITION 


in-person Contest 
Location: Ling, Social Engineering Community Village, Social A 
Friday 0830 - 1600 


In this competition (#SECVC), teams go toe to toe by 
placing live vishing (voice phishing) phone calls in 
front of the Social Engineering Community audience 
at DEF CON. These calls showcase the duality of ease 
and complexity of the craft against the various levels 
of preparedness and defenses by actual companies. 
Teams can consist of 1-3 individuals, which we 

hope allows for teams to utilize novel techniques 

to implement different Social Engineering tactics. 
Each team has limited time to place as many calls 

as possible from a soundproof booth. During that 
time, their goal is to elicit from the receiver as many 
objectives as possible. Whether you're an attacker, 
defender, business executive, or brand new to this 
community, you can learn by witnessing firsthand how 
easy it is for some competitors to schmooze their way 
to their goals and how well prepared some companies 
are to shut down those competitors! 


2023 judges: Corgi, FC aka freakyclown, and Snow 


2023 coaches: Ibetika, JC, C_3PJoe, and Split Beans 
(last year’s SECVC winners: Jenn, Matt, and Sean) 


This competition takes place on Friday in the Social 
Engineering Community village, be sure to get there 
early to get a seat; they fill up fast! Additionally, 

at the end of Friday, join Snow as she covers the 
behind the scenes of creating the SECVC, this year’s 
lessons learned, team highlights, and tips for future 
competitors! 


https://www.se.community/events/vishing-competition/ 


@sec_defcon 


SOCIAL 
ENGINEERING 
COMMUNITY 
(SEC) YOUTH 
CHALLENGE 


In-person Contest 
Location: Ling, Social Engineering Community Village, Social A 
Friday and Saturday 09:00-18:00 


The purpose of the Youth Challenge is to provide 
anyone under the age of 17 with an event for them to 
participate. Challenges and puzzles incorporate general 
cybersecurity with an emphasis on OSINT and Social 
Engineering. Challenges will be crafted in a way that 
steers participants to different villages with specific 
goals to broaden their exposure of different subject 
matter available at DEF CON. There will be a sign-up 


form prior to DEF CON, as well as encouraging walk-up 
participation for those who may not have been aware of 
the offering. 


https://twitter.com/sec_defcon 


@sec_defcon 


 )TeleChallenge 


TELECHALLENGE 


Hybrid Contest 
Location: Forum, DEF CON Contest Area 
Friday and Saturday 10:00-18:00, Sunday: 10:00-12:00 


The TeleChallenge is a fast-paced, fully immersive, 
and epic battle of wits and skill. The highest level 

of commitment is required, and this is one of the 
hardest contests in the world to win, but you don't 
need any special technical skills to play: just a touch- 
tone phone. And remember: the best way to ascend 
into the Phoniverse is to get others involved in the 
TeleChallenge opportunity, so bring a team! 


https://wwwztelechallenge.org 


Gtelechallenge (we also expect to use @itelechallenge@idefcon.social) 


pT THE BEVERAGE 
5 — % COOLING 
EN — £ CONTRAPTION 
ауте” CONTEST 


in-person Contest 
Location: Forum, DEF CON Contest Area, Contest Stage 
Friday 10:00-14:00 


I don't know my gender non-specific guys. It’s not 
funny anymore. We can't stop talking about a cheeto 
for paying hush money to a busty tortilla chip. Winny 
Pooh is presatator for life with a hunger for those sweet 
sweet chips. Off brand doctor evil is threatening to 
nuke the world on the weekly. And in the plot twist of 
the year Bibi is going fascist. I keep expecting ol'e Joe 
to bust out the force lightning and tell me to "give in 
to my hate”. WELL TOO LATE! This year we are going 
to have a change of pace. I'm going to drink all the 
beverage! Lord knows I could use it. I'm kidding of 
course, I'm terribly allergic to hops. It's the greatest 
irony of all, I can't drink any of the beverage. But our 
spectators can! And they want that beverage to be 
COLD! So I need you to help me satisfy their thirst. 
Their thirst for escape from this mad world. 


CONTESTS & EVENTS 


ODES MSIS THE DARK 


[S PLE TANGENT LOOK- 
оС] | 

Ul P d ALIKE CONTEST 
MOGK CFLA Location: Forum, DEF CON Contest 


In-person Contest 
Area 


Friday and Saturday 10:00-18:00, Sunday: 10:00-12:00 


The Dark Tangent Look A-like Contest is a creative 
opportunity for DEF CON attendees to put their non- 
technical hacking skills to the test. As a contestant 

in The Dark Tangent Look A-like Contest, you will be 
judged based on your appearance, mannerisms, efforts, 
and overall persuasiveness. Can you assume another 
identity? Can you look, walk, talk, and act like Dark 
Tangent? Can you become THE DARK TANGENT? 


THE GOLD BUG 
CHALLENGE 


Hybrid Contest 


Location: Forum, DEF CON Contest 
Area 


Friday and Saturday 10:00-18:00, Sunday: 10:00-12:00 


Love puzzles? Need a place to exercise your classical 
and modern cryptography skills? This puzzle will keep 
you intrigued and busy throughout DEF CON - and 
questioning how deep the layers of cryptography go. 


The Gold Bug an annual DEF CON puzzle hunt, focused 
on cryptography. You can learn about Caesar ciphers, 
brush up your understanding of how Enigma machines 
or key exchanges work, and try to crack harder modern 
crypto. Accessible to all - and drop by for some kids’ 
puzzles too! 


:#9( 8*;(: 46"; 6) 5; 5+0+2?5 +£; -(:.;+9600538 ++; +(5 
https://galdbug.cryptovillage.ora/ 
(CryptoVillage 


THE LONELY HARD 
DRIVE 


Contest 


Location: DEF CON Contest Area, Forum 
Ballroom 


Friday: 10:00 - 20:00, Saturday:10:00 - 20:00, Sunday: 10:00 -13:00 


Are you looking for a good time? Are you trying to get 
lucky? Did you already get lucky by finding a Lonely 
Hard Drive in Vegas? Satisfy your curiosity by visiting 
the contest hall to get started or encounter one of 
the Lonely Hard Drives hidden around the conference! 
Contained within is a maze of puzzles and challenges 
that increase in difficulty the further you progress. 
There are flags to find and points to earn towards the 


leaderboard to win prizes at DEF CON 311 Act now! 
Limited time offer! The Lonely Hard Drive is waiting for 
you! 


(LonelyHardDrive 


THE UNOFFICIAL DEF CON 
SHOOT 


In-persan Event 
Location: Off-Site 


The DEF CON Shoot is a public event that happens just 
prior to the DEF CON hacker conference in Las Vegas, 
Nevada. It is an opportunity to see and shoot some of 
the guns belonging to your friends while taking pride in 
showing and firing your own steel, as well, in a relaxed 
and welcoming atmosphere. We choose a spot, then 

we rent tables, canopies, and bring all the necessary 
safety equipment and amenities. All you need to bring 
yourself and (optionally) your firearms. New shooters 
and veterans both attend regularly. You can attend with 
your firearms, of course, but folk without guns of their 
own in Vegas may have the opportunity to try gear 
from others in attendance or to inquire with the ProGun 
range about whether rental firearms are available. 


Where: Pro Gun Vegas 

Address: 12801 US 95 South Boulder City, NV 89005 
When: Before the con Wednesday Aug 9th 

The usual time is 11am-5pm 


https://deviating.net/firearms/defcan shaat/ 


TINFOIL HAT CONTEST 


In-person Contest 
Location: Forum, DEF CON Contest Area 
Friday and Saturday 10:00-18:00 


Want to block those pesky 5G microchips coursing 
through your vaccinated body? Did you anger our new 
AI overlords, and need to hide? Or do those alien mind 
control rays just have you down lately? Fear not, for we 
here at the Tin Foil Hat contest have your back for all of 
these! Come find us in the contest area, and we'll have 
you build a tin foil hat which is guaranteed to provide 
top quality protection for your noggin. How you ask? 
SCIENCE! 


Show us your skills by building a tin foil hat to 
shield your subversive thoughts, then test it out for 
effectiveness. 


There are 2 categories: stock and unlimited. The hat in 
each category that causes the most signal attenuation 
will receive the "Substance" award for that category. We 
all know that hacker culture is all about looking good, 
though, so a single winner will be selected from each 
category for "Style". 


@0С Tin Foil Hat 


Tee, 10200: 
The Open Organisation f Lockplckers DOZIER DRILL 
LOCKPICKING CHALLENGE 


In-person Contest 
Location: Ling, The Blog, Lock Picking Village 
Saturday 12:00-15:00 


Have you ever wanted to break out of handcuffs, 

pick open a closed bag and shoot your buddy in the 
chest with a nerf gun? So have we, that’s why TOOOL 
presents the Dozer Drill. A fast paced skill based game 
where you have to free yourself from handcuffs, open a 
closed bag, and retrieve the nerf gun to be the first to 
hit the target. Join us Friday for qualifier games, and 
on Saturday for an official bracket tournament. 


@toool 


; TOXIC BBQ 


LA In-person Event 


мя Location: Off-Site 
15:00- 21:00 Thursday, Off-site at Sunset 
Park, Pavilion F, (36.0636, -115.1178) 


The humans of Vegas invite you to this year’s unofficial 
welcome party. Join us off-Strip in the shade of Sunset 
Park for a heat-blasted hangout. Burgers, dogs, and 
meatless options are provided. Attendees pitch in to 
make everything else happen. Contribute more food 
and drinks, staff the grill or join supply runs, and relax 
under the trees with good conversation with new and 
old friends. Come be a part of what makes this cookout 
something to remember year after year. 


Grab flyers from an NFO booth, check out https://www. 
toxicbbq.org for the history of this event, and watch for 
#ToxicBBQ for the latest news. 


https://www-toxicbbg.org/ 


TRACE LABS 
OSINT SEARCH 
PARTY CTF 


In-person Contest 


Location: Forum, DEF CON Contest 
Area 


Friday 10:00-20:00, Saturday 10:00-17:00 


The Trace Labs Search Party CTF is a non theoretical, 
gamified effort that allows for the crowdsourcing of 
contestants to perform a single task: Conduct open 
source intelligence operations to help find missing 
persons 


You can have teams of 1-4 people, 4 person teams 
provide many benefits which include the coaching 
of more junior members. Often a great learning 
opportunity if you are able to pair up with OSINT 
veterans. Get your team together and join us in our 
Discord group to get started here: https://tracelabs. 
org/discord 


https://www-tracelabs.org/initiatives/search-party 


@tracelabs 


VENATOR AURUM 
- A TREASURE 
HUNT 


In-person Contest 
Location: Forum, DEF CON Contest 


Area 
Friday and Saturday 10:00-18:00, Sunday: 10:00-12:00 


Through interfacing with reality you are defining that 
reality. Rethink your senses and test your limits. Solve 
the five layers and discover a hidden treasure. Each 
layer yields its own reward, but few will make it to the 
end of the hunt. For each of your senses, you will need 
to set aside preconceptions and look to the underlying 
patterns within the data. 


venatoraurum.org 


WHOSE SLIDE IS IT ANYWAY? 


In-person Contest 
Lacation: Forum, Room 232 
Friday 22:00-24:00 


"Whose Slide Is It Anyway?" is an unholy union 
of improv comedy, hacking and slide deck sado- 
masochism. 


Our team of slide monkeys will create a stupid amount 
of short slide decks on whatever nonsense tickles our 
fancies. Slides are not exclusive to technology, they 
can and will be about anything. Contestants will take 
the stage and choose a random number corresponding 
to a specific slide deck. They will then improvise a 
minimum 5 minute / maximum 10 minute lightning 
talk, becoming instant subject matter experts on 
whatever topic/stream of consciousness appears on the 
Screen. 


But....why? 


Whether you delight in the chaos of watching your 
fellow hackers squirm or would like to sacrifice yourself 
to the Contest Gods, it's a night of schadenfreude for 
the whole family. 


https://www.mpravhacker.com/ 


CLOUD VILLAGE CTF 


Online Contest 


Location: Online 
Friday and Saturday 10:00-18:00, Sunday: 10:00-12:00 


If you ever wanted to break stuff on the cloud, or if 

you like rabbit holes that take you places you did not 
think you would go to, follow complicated story lines 
to only find you could have reached to the flag without 
scratching your head so much - then this CTF is for you! 


Our CTF is a three days jeopardy style contest where 
we have a bunch of challenges hosted across multiple 
Cloud providers across multiple categories of difficulty. 


You can register as teams or go solo, use hints or 
stay away from them, in the end it will be all for glory 
or nothing. Plus the prizes. Did we not mention the 
prizes? :D 


https;//cloud-village.org, @cloudvillage_de 


TALK ISCHEDULE, AY/FRIDAY 


M Nilliam: / 
| ! MAKING THE DEF CON 31 BADGE / | 
Friday at 10:30 in Track 2 E , 


DESIGNING RFID IMPLANTS— HOW FLIPPING THE 
BIRD OPENS DOORS FOR ME 
Thursday at 14:30 in War Stories (Forum 


THE HACKERS, THE LAWYERS, AND THE 
Tal DEFENSE FUND 
Friday at 09:00 in Track 3 


TT 


j ids — ROUTE TO BUGS: ANALYZING THE SECURITY OF | 
THURSDAY NUTHIN BUT A G THANG: EVOLUTION OF irson BGP MESSAGE PARSING - 
CELLULAR NETWORKS GROWING THE COMMUNITY OF Al HACKERS | Piaya at 10: 301 in Track 4 d 


dei at 15:30 in War Stories @Forum WITH THE GENERATIVE RED TEAM 


Friday a at 09:00 in Track 4 


BDA n 
MTLS: WHEN CERTIFICATE AUTHENTICATION 


DONE WRONG 


SECRETARY OF THE DEPARTMENT ПЕ = at 11:00 in Track 1 
HOMELAND SECURITY ALEJANDRO MAYORKAS | y 4E Zap 
Friday at 09:30 in Track 2 a ШЫР: —i са 27. 


BOSTON INFINITE MONEY GLITCH: HACKING 
TRANSIT CARDS WITHOUT ENDING UP IN 
HANDCUFFS 

Thursday at 10:00 in War Stories @Forum 


SMALL LEAKS, BILLIONS OF DOLLARS: 
PRACTICAL CRYPTOGRAPHIC EXPLOITS THAT 
UNDERMINE LEADING CRYPTO WALLETS 


Thursday at 16:30 in War Stories @Forum 


UNCONVENTIONAL CYBERCRIME: HOW A BAD | | А 1 1 ns amm cc A SPAMCHANNEL: SPOOFING EMAILS FROM 2 
ANTI-HACKING din IS BECOMING A LAW лек | Y ка MILLION+ DOMAINS AND VIRTUALLY BECOMING 
Thursday at 17:00 in War Stories @Forum Ñ 


USING THE WINDOWS CONTAINER ISOLATION | Friday ПШ. 
FRAMEWORK бї 

загады чс; Friday at 10:00 in Track 1 н 
CRACKING CICADA 3301: THE FUTURE OF tes | de 
COLLABORATIVE PUZZLE-SOLVING 


Thursday at 11:30 in War Stories @Forum 


DC101 -THURSDAY WELCOME PANEL 
Thursday at 17:30 in War Stories @Forum 


С THE NIGHTMARE OF APPLE’S OTA UPDATE: 
BYPASSING THE SIGNATURE VERIFICATION AND 


germ | 
THE RINGHOPPER JOURNEY OR HOW WE Т PWNING THE KERNEL _ ш 


кши "и ALMOST ZERO-DAY'D THE WORLD Friday at 11:00 in Track 3 
Dc a ааа u АЕ Rae FRIDAY Friday at 10:00 in Track 3 
NEW ISN'T ALWAYS NOVEL: GREP'ING YOUR minu b 


WAY TÜ $20K AT PWNZ0WN, AND HOW YOU 
CAN TOO 
Thursday at 12:30 in War Stories @Forum 


iu 1 26 — Е 
| n'M | Ce /WARSHOPPING—FURTHER PHREAKING 


LOOK MAT'M THE CEO! REAL-TIME VIDEO AND — SMART SHOPPING CART WHEELS THROUGH 


THE INTERNALS OF VEILID, A NEW 
[DECENTRALIZED APPLICATION FRAMEWORK ` = DEEP-FAKE! Ы HARDWARE REVERSE 


1 Friday at 08:00 in Trackl » ey at 10:00 in Track 4 


š. OWN Y 4 — : B 


| Friday at 11:00 in War Stories - For the Record, @Harrahs | 


DAMNED IF YOU DO—THE RISKS OF POINTING 
OUT THE EMPEROR IS BUCK NAKED 


Lose ESTES a WELCOME TO DEF CON 31 ш т MERE SEN URN DTI WATCHED YOU ROLL THE DIE: UNPARALLELED. 
3 Friday at 09:00 in Track 2 Friday at 10:00 in War Stories - For the Record, @Harrahs ROP MONITORING REVEAL ATT. ACKERS 
W € TRADECRAFT || 
` ee at 11:30 in Track 1 


b 
NM P, 51 


Шы SOHO 


DEFENDER- PRETENDER: WHEN WINDOWS 
DEFENDER UPDATES BECOME A SECURITY RISK 
Friday at 12:30 in Track 4 


HOW 1 RANSOMWARED YOUR [REDACTED] CAR 
Friday at 14:30 in Track 1 


A COMPREHENSIVE REVIEW ON THE LESS- 
TRAVELED ROAD: 9 YEARS OF OVERLOOKED 
MIKROTIK PRE-AUTH RCE 

Friday at 15:30 in Track 1 


CIVIL XE DEF ENSE: USE YOUR RESOURCES 
TO DEFEND NON-PROFITS AS THEY COMBAT 
HUMAN TRAFFICKING AND SUBVERT 
AUTHORITARIAN REGIMES 

Friday at 11:30 in Track 4 


E S DARPA ANNOUNCES AN AI CYBER INITIATIVE, — _ ШЕНЕ МЕРС І 
pU LIVE AT DC 32 AND DC 33 ап Borgogno & Ileana Barrionuev B 
OVER THE AIR, UNDER THE RADAR: ATTACKING TURNING MY VIRTUAL WALLET INTO A le 


AND SECURING THE PIXEL MODEM Dele eal ue 


Friday at 13:00 in Track 2 


SKIMMING DEVICE: MPOS SOLUTIONS 
eu at 15:30 in p. : 


GETTING A MIGRAINE—UNCOVERING A UNIQUE Ў 775 и Br rst 


STILL VULNERABLE OUT OF THE BOX: 
REVISITING THE SECURITY OF PREPAID 
ANDROID CARRIER DEVICES 

Friday at 12:00 in Track 2 


LIVING NEXT DOOR TO RUSSIA 


‘SIP BYPASS ON MACOS E 7 
Friday at 13:00 in War Stories - For the Record, @Harrahs Friday at 14:30 in Track 3 = GAME-CHANGING ADVANCES IN WINDOWS 
Tal Skverer te inutes | demo, exp SHELLCODE ANALYSIS 
GHOSTTOKEN: EXPLOITING GOOGLE CLOUD | k. Friday at 15:30 in Track 4 


PLATFORM APP INFRASTRUCTURE TO CREATE 
UNREMOVABLE TROJAN APPS 
Friday at 12:00 in Track 3 


SECOND BREAKFAST: IMPLICIT AND MUTATION- ү? | ке 3 PAA 
BASED SERIALIZATION VULNERABILITIES IN поп) 

NET | Я VISUAL STUDIO CODE IS WHY | HAVE 
Friday at 14:30 in Track 4 нке ACE) TRUST ISSUES 


PRIVATE KEYS IN PUBLIC PLACES 
Friday at 13:30 in Track 1 


сеу Бап Ricky Lawshe JU» gu ( Friday at 16:00 in Track 2 
YOU'RE NOT GEORGE CLOONEY, AND THIS ISN'T | FANTASTIC ETHERTYPES AND WHERE TO FIND. | бы штуу: imm 
DCEAN'S ELEVEN THEM ng 
Friday at 12:00 in War Stories - For the Record, @Harrahs Friday at 13:30 in Track 3 x [7 CAN'T CHEAT TIME—FINDING FOES AND бесе 
utes | dem ites YOURSELF WITH LATENCY TRILATERATION. — 'A SERIES OF UNFORTUNATE EVENTS | 


Friday at 14:30 in War Stories - For the Record, @Harrahs Friday at 16:00 in War Stories - For the Record, @Harrahs 


laror ri 


A PAIN IN THE NAS: EXPLOITING CLOUD 


Allison Youn Akerman 


PRIVATE UNTIL PRESUMED GUILTY E" l 
CONNECTIVITY TO PWN YOUR NAS ЕЕЕ И x Craig Martell 
Friday at 12:30 in Track 1 ites | 


CHIEF DIGITAL AND ARTIFICIAL INTELLIGENCE J MICROSOFT TRANSPORTS AND SESSION 
аса OFFICER, THE DEPARTMENT OF DEFENSE ARCHITECTURE 

THERE ARE NO MUSHROOM CLOUDS IN = Friday at 15:00 in Track 2 Friday at 16:30 in Track 4 

CYBERWAR - 45 minu | {е Чел 
Friday at 14:00 in Track 2 w - =n к $ 


ANN -_ | CON TROLLING THE WEATHER 


Friday at 15:00 in War Stories For the Record, @Harrahs d 


PRESENTATION WITH DR. CRAIG MARTELL, | MALWARE DESIBN—ABUSING LEGACY 


BACKDOOR IN THE CORE—ALTERING THE INTEL 
X86 INSTRUCTION SET AT RUNTIME 
Friday at 12:30 in Track 3 


NOTHING BUT NET: LEVERAGING MACOS’S 
NETWORKING FRAMEWORKS TO 


IN TRACKING THE WORLDS DUMBEST CYBER- B HEURISTICALLY DETECT MALWARE 
MERCENARIES m Friday at 16:30 in Track1 
R Friday at 14:00 in War Stories - For the Record, @Harrahs | 


^O куу / кү ss 


WAEKYSCHEDUEE 


CERTMITM: AUTOMATIC EXPLOITATION OF TLS 
CERTIFICATE VALIDATION VULNERABILITIES 
Friday at 16:30 in Track 3 


HL7MAGIC: MEDICAL DATA HACKING MADE 
EASY 
Friday at 17:00 in Track 2 


LEGEND OF ZELDA: USE AFTER FREE (TASBOT 
GLITCHES DDT) 
Friday at 17:00 in War Stories - For the Record, @Harrahs 


TRACK THE PLANET! MAPPING IDENTITIES, 
MONITORING PRESENCE, AND DECODING 
BUSINESS ALLIANCES IN THE AZURE 
ECOSYSTEM 

Friday at 17:30 in Track 3 


FIRESIDE CHAT WITH THE NATIONAL CYBER 
DIRECTOR 
Friday at 17:30 in Track 4 


ASK THE EFF 
Friday at 20:00 in Track 3 


ASSESSING THE SECURITY OF CERTIFICATES AT 
SCALE 
Saturday at 09:00 in Track 1 


SMASHING THE STATE MACHINE: THE TRUE 
POTENTIAL OF WEB RACE CONDITIONS 
Saturday at 09:00 in Track 2 


ELECTRONIZING MACOS PRIVACY—A NEW 
WEAPON IN YOUR RED TEAMING ARMORY 
Saturday at 09:00 in Track 3 


HACK THE FUTURE: WHY CONGRESS AND 
THE WHITE HOUSE ARE SUPPORTING Al RED 
TEAMING 

Saturday at 09:00 in Track 4 


BADGE OF SHAME: BREAKING INTO SECURE 
FACILITIES WITH OSDP 


Saturday at 09:30 in Track 1 


J4 GATE, THE HUSTLER POKER CHEATING 
SCANDAL INVESTIGATION AND HOW HACKING 
HELPED ME DO IT 

Saturday at 09:30 in Track 3 


DEMYSTIFYING (& BYPASSING) MACOS’S 
BACKGROUND TASK MANAGEMENT 
Saturday at 10:00 in Track 2 


FRIDAY/SATURDAY 


DEFEATING VPN ALWAYS-ON 
Saturday at 10:00 in Track 4 


DO NO HARM: A HEALTHCARE SECURITY 
CONVERSATION 


Saturday at 10:00 in War Stories - Off The Record, @ 
Harrahs 


CALLING IT A 0-DAY—HACKING AT PBX/UC 
SYSTEMS 


Saturday at 10:30 in Track 1 


UNLOCKING DOORS FROM HALF A CONTINENT 
AWAY 
Saturday at 10:30 in Track 3 


WEAPONIZING PLAIN TEXT: ANSI ESCAPE 
SEQUENCES AS A FORENSIC NIGHTMARE 
Saturday at 11:00 in Track 2 


SPREAD SPECTRUM TECHNIQUES IN 
DISPOSABLE DRONES FOR ANTI DRONE EVASION 
Saturday at 11:00 in Track 4 


PHYSICAL ATTACKS AGAINST SMARTPHONES 
Saturday at 11:30 in Track 1 | 


APPLE’S PREDICAMENT: NSPREDICATE 
EXPLOITATION ON MACOS AND 105 
Saturday at 11:30 in Track 3 


MASS OWNING OF SEEDBOXES—A LIVE 
HACKING EXHIBITION 


Saturday at 11:30 in War Stories - Off The Record, @ 
Harrahs 


INTERNET CENSORSHIP: WHAT GOVERNMENTS 
AROUND THE GLOBE HAVE IN STORE FOR YOU 
Saturday at 12:00 in Track 2 


FROM FEATURE TO WEAPON: BREAKING 
MICROSOFT TEAMS AND SHAREPOINT 
INTEGRITY 

Saturday at 12:00 in Track 4 


VIDEO-BASED CRYPTANALYSIS: EXTRACTING 
SECRET KEYS FROM POWER LEDS OF VARIOUS 
NON-COMPROMISED DEVICES USING A VIDEO 
CAMERA 

Saturday at 12:30 in Track 1 


AN AUDACIOUS PLAN TO HALT THE INTERNET’S 
ENSHITTIFICATION 
Saturday at 12:30 in Track 3 


е 
` 


WALK ЕНЕРШЕ SATURDAY/SUNDAY 


4 wl 


x B SUNDAY EH 
————Ó—— / 


J E STACKMOONWALK: A NOVEL APPROACH TO 
STACK SPOOFING ON WINDOWS X64 
Sunday at 10:00 in Track 1 


A BROKEN MARRIAGE: ABUSING MIXED VENDOR 
KERBEROS STACKS _ 
Saturday at 16:00 in Track 4 


«ТЇП? OPC- m T EVERY POSSIBLE WAY: 
PRACTICAL ATTACKS AGAINST MODERN OPC- 
UA ARCHITECTURES 

Saturday a at 14:30 in Track] 


SIENS UPS ON SITE 


Saturday at 12:30 in War Stories - Off The Record, @ 
Harrahs 


LOOKING INTO THE FUTURE, WHAT CAN WE 
LEARN ABOUT HACKING IN SCIENCE-FICTION? 
Saturday at 13:00 in Track 2 


ALL INFORMATION LOOKS LIKE NOISE UNTIL ШШЕ nd 
YOU BREAK THE CODE: FUTUREPROOFING THE с] 
TRANSPORTATION SECTOR n “atrox " Dabr Gabriel 


Saturday at 16A in Terka ETT MERE 


Б ТТЕ OVERFLOW: CODE EXECUTION IN 
PAYMENT TERMINALS AND ATM’S OVER NFC 
Saturday at 14:30 in Track 3 


_ SIM TUNNELING то TRAVEL AT LIGHT SPEED 
AZURE В2С 0-DAY: AN EXPLOIT CHAIN FROM _ DongsungKim < ү ШШ Track 2 
PUBLIC KEYS TO MICROSOFT BUG BOUNTY | SPOOKY AUTHENTICATION AT A DISTANCE YOUR CLOCKS HAVE EARS—TIMING-BASED оти E ШР 02507: 
P pui a nn. Saturday at 15:00 in Track 2 | BROWSER-BASED LOCAL NETWORK PORT _ 
minutes | demo, too SCANNER 


‘Saturday at 16:30 in Track T THREAD LIGHTLY NAVIGATING THE PERILOUS 


A — n Gul Y PATH OF MATTER’S DARK SIDE 
MEDUZA: HOW AN EXILED PIRATE MEDIA REVOLUTIDNIZING ELF BINARY PATCHING WITH - та — E 
OUTLET BREAKS THROUGH THE KREMLIN'S SHIVA: A JIT BINARY PATCHING SYSTEM FOR Corynne McSherry, Kate Bertash, Daly Barnett, |. Z Sali 
PROPAGANDA FIREWALL LINUX r 


— Е 4 | 


Saturday at 13:30 in Track 1 Saturday at 15:00 in Track 4 


l| VACUUM ROBOT SECURITY AND PRIVACY— 


SURVEILLANCE 
NS | 1 Saturday at 16:30 in Track 3 PREVENT YOUR ROBOT FROM SUCKING YOUR 
THE GITHUB ACTIONS WORM: COMPROMISING E | : ss m. s =< Sunday at 10:00 in Track 4 


GITHUB REPOSITORIES THROUGH THE ACTIONS 
DEPENDENCY TREE 
аи. аї 13: 30 in Track 3 


KINGDOM Bi 


Stuy tS Тай! Í SILENT SPRING: PROTOTYPE POLLUTION LEADS 


| P A TO REMOTE CODE EXECUTION IN NODE.JS ^ Mind 


ЕТТ at 17:00 in Track 1 WAR STORIES OFF THE RECORD AMA 


Ss at 10:00 in War Stories - Off The Record, àHarrahs 


А SSLIPPERY SLOPE: UNRAVELING THE HIDDEN 
DANGERS OF CERTIFICATE MISUSE 


LAUNCH ODAY RCE ATTACK ON POPULAR = 
POLYNONCE: AN ECDSA ATTACK AND 


SOFTWARES ONLY WITH CHROMIUM NDAYS? 


ТУ TT "CAN HACKERS - | | m 


Saturday at 14:00 in Track 2 А Saturday at 15:30 in Track 3 POLYNOMIAL DANCE ADVANCED НП ROP FRAMEWORK: PUSHING ROP TO 
Шш ' 1, exploit - Saturday at 17:00 in Track 2 ITS LIMITS 


Nec ‚ 20 minut to | Sunday at 11:00 in Track 1 
im, I | | 


" : 


I. RUNTIME RIDDLES: ABUSING MANIPULATION — o ыша dad pP 
POINTS IN THE ANDROID SOURCE I ? LIONS AND TIGERS AND FANCY BEARS, OH MY!: 


POWER CORRUPTS; CORRUPT IT BACK! 
HACKING POWER MANAGEMENT IN DATA 


CENTERS Saturday at 16:00 in Track 2 A CAUTIONARY TALE FOR OUR CYBER FUTURE [THE ART OF COMPROMISING C2 SERVERS: — 
Saturday at 14:00 in Track 4 № 45 minutes - Saturday at 17:30 in Track 4 See B NEP VULNERABILITIES 
e а Sunday at 11:00 in Track 2 ЕЛ 


й 


| am 
HEDUIE ” 
жа VAY VY OTT] = = 
Omer Attias 
_ THE PRICE OF CONVENIENCE: HOW SECURITY 
VULNERABILITIES IN GLOBAL TRANSPORTATION 
f Sunday at 11:00 in Track 3 PAYMENT SYSTEMS CAN COST YOU 


45 minutes | demo, tool _ Sunday at 13:00 in Track 3 
„ум е 45 minutes | demo, tool 


Joe Slowik а wawam 


Carlos Polop & Yago Gutierrez 


EXPLORING LINUX MEMORY MANIPULATION 
FOR STEALTH AND EVASION: STRATEGIES 
TO BYPASS READ-ONLY, NO-EXEC, AND 
DISTROLESS ENVIRONMENTS 


Sunday at 13:00 in Track 4 
45 minutes | demo, tool 


> HISTORICAL STATE-SPONSORED OFFENSIVE 
OPERATIONS 


| Sunday at 11:00 in Track 4 
Е 7 45 minutes 


= m ae aa A А 
q г A 
Ron Ben-Yizhak 


#NOFILTER: ABUSING WINDOWS FILTERING 
PLATFORM FOR PRIVILEGE ESCALATION 


Contest Goons 


CONTEST CLOSING CEREMONIES & AWARDS 


Sunday at 12:00 in Track 1 Sunday at 14:00 in Track 1 & 2 
45 minutes | demo, tool, exploit 75 minutes 


David Leadbeater 


TERMINALLY OWNED—60 YEARS OF ESCAPING 


Sunday at 12:00 in Track 2 
45 minutes | demo, exploit 


Carlo Meijer, Wouter Bokslag, Jos Wetzels 


TITLE: [REDACTED TELECOM TALK] 


Sunday at 14:00 in Track 3 
75 minutes | demo, tool, exploit 


Wesley McGrew 


RETRO EXPLOITATION: USING VINTAGE 
COMPUTING PLAFORMS AS A VULNERABILITY 


winnOna, and Panel 


HACKER COURT—INTERACTIVE SCENARIO 


Sunday at 14:00 in Track 4 
RESEARCH PLAYGROUND AND LEARNING 75 minutes 
ENVIRONMENT 


Sunday at 12:00 in Track 3 
45 minutes | demo, tool, exploit 


DT & DEF CON Senior Staff 


DEF CON CLOSING CEREMONIES & AWARDS 


Sunday at 15:30 in Track 1 & 2 
x Until it ends 


LLMS AT THE FOREFRONT: PIONEERING THE 


FUTURE OF FUZZ TESTING IN A RAPIDLY 
CHANGING WORLD 


Sunday at 12:00 in Track 4 
45 minutes | tool, exploit 
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DEF CON welcomes policymakers and technology professionals to join Policy @ DEF CON and participate with our 
community of knowledgeable experts. We need to work together. 


Creating a safer digital society requires collaboration between security and policy experts. DEF CON provides a 
space for representatives of all areas of security to come together to educate and engage each other. 


At DEF CON 31, we will be hosting two tracks of conversations with multiple governments, including US 
cybersecurity policy leaders from the White House and CISA. We'll also have speakers from civil society, think tanks, 
hackers, lawyers, academics, artists, activists, and (we hope) you! 


Here’s a preview, look for more detail in the DEF CON Forums and Hacker Tracker. 


*We provide 101 Sessions on 
what's happening in cyber policy 
both in the US and around the 
world 


*The White House talks about 
cyber education and workforce 
development 


*NCSC UK explores the 
implications of hacktivism in the 
Russia/Ukraine conflict 


*OECD hosts multiple 
governments in an exploration of 
policy responses to loT security 
challenges 


*Multiple governments join us 
to get your input on software 
resilience policy and app store 
security 


*CISA seeks your feedback on 
what's working and what's 
not, and where they should be 
focusing in the future 


*The EFF explains why we're 
entering the Encryption War, Part 
Ш (and how you can fight back) 


*The Atlantic Council provides 
insight into the realities of 
government response to cyber 
crises 


*The White House wants to unify 
and align the way we talk about 
threat attribution 


*Governments want your input 


on how we can reduced supply 
chain risk 


*US DHS wants to avoid a 


dystopian cyberpunk future in 
our smart cities 


*The US government and its 


international seafaring friends 
want your help charting a 
path forward for International 
Maritime Cybersecurity 


*The White House wants to build 


better operational partnerships 
with you to accelerate threat 
disruption 


*Professor Andrea Matwyshyn 


leads a quided discussion on 
software liability and security 


*Professor J Scott Christianson 


highlights the implications of 
satellite hacking for planetary- 
scale ISPs 


*The White House leads a 


conversation around combatting 
authoritarian censorship 


*Jesse Sloman-of-New York State 


and other state security leaders 
explore how states operate as 
laboratories for security response 
and action 


*In conjunction with the AI 
Village, we host a workshop on AI 
Security policy 


*Kerry-Ann Barrett from the 
Organization of American 
States facilitates discussions on 
creating national cybersecurity 
policies in the Americas, as 
well as how Latin American and 
Caribbean nations are dealing 
with Ransomware 


*The US Federal Trade Commission 
wants your help on shutting down 
scams powered by AI assisted 
voice cloning 


*Gaurav Keerthi from Singapore's 
government leads a discussion on 
how the internet's infrastructure 
and governance impacts the 
shape of cyber conflict 


*The National Association of 
Secretaries of State wants your 
help.in demystifying hacking for 
state-level policymakers around 
the country 


‘Voting systems vendors соте 
together with hackers to discuss 
how security research has 
improved elections security 


...and we have much more in store for you including workshops and a 
Policy Lounge. Come check out Policy @ DEF CON in the Forum 218-225. 
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СЕР REVIE 


Alex 


Jack of Few Trades, 
Master of None 


Claviger 
Has consistently forgotten to 
submit a bio for the 
Review Board. 


Proud South African hacker, 


Founder of Telspace Systems. 


and paying it forward 
опе day ata time 


Jeff Moss 
Founder, DEF CON. 


AlxRogan 
Seen a million endpoints 
and rocked them all. 


CyberSulu 
Dabbles in privacy and data 


protection, suffers from travel 
withdrawal, and has a 
gay agenda. 


DEF CON NOC lead, 
drunk panda herding, 
beer geeking and running. 


John Fulmer 
Takes it more than one day 


ata time as he's sure he'll 
live forever; 

Living proof alcohol is 

a preservative. 


Jon2 


Elizabeth 


Resurrenctionist of 
electromechanical 
detritus. 


dead addict 


Isn'ta good enough human 
being to be self-deprecating 
in his bio. 


Team oxford comma, 
champaign champion, 
and aviation geek. 


The least fun guy in the NOC 


CarnalOwnage 
It's on LinkedIn if you 


actually care. 


Deana 
Green witch, cold lizard person, 


enjoys overthrowing the male 
industrial complex in her spare 
time. 


Jay Healey 
Says cyber waaaaay 
too much. 


НІ 

Мадеп 
Incurable travel addict and 
unapologetic coffee mayen. 
Works hard so her plants 


can live their best lives. 


C 


Medic 
Tries to keep his head low. 
Takes things apart and 
can sometimes put them 
back together. 


NOObz 


lam a terrible alibi. 


Sinderz 
Charmingly Cheeky 
Connoisseur of Chaos 


web/browser hacker, 
occasionally DJ Azuki. 


> th 
Marcia Hoffman 
Doing my best to make 
the Internet better and 
keep people out of trouble. 


PWCrack 
400lb hacker with a 
197 IG and about 15% 
of your password. 


Snow 
Your friendly neighborhood 


Con-Artist. 


Zack Fasel 
Can be found drinking all 
the wines, hacking all 
the things, and generally 
being extra. 


Nikita 
Director of Content & 
Coordination. Dark Tangent 
Look-alike submission. 
SecurityTribe. 


Malware Unicorn 
Likes reversing and developing 
malware. Blue team to red 
team convert. Pursues making 
free content for the community. 


SecBarbie 
| have only done this 
once before – 


RESULTS NOT GUARANTEED. 


Master of Sleights. 


Solstice Su 
Wifi hacker. Red team guy. 


Random lulz generator. 


| was told that | could listen 
to the radio at a reasonable 
volume from nine fo eleven. 


Zoz 


International Man 
of Mystery. 


AKA The Hoff, Dr. Weird 


DEMO LABS 


VULNERABLE BY DESIGN: UNGUARD, 
THE INSECURE CLOUD-NATIVE TWITTER 
CLONE 


Simon Ammer, Christoph Wedenig 
Friday August 11 from 10:00 — 11:55 in Accord Boardroom, Forum 


Unguard is an intentionally insecure, cloud-native 
microservices demo application that serves as a 
playground for cybersecurity enthusiasts to sharpen 
their skills and for cybersecurity companies to test 
their software. Designed to mimic a web-based Twitter 
clone, the platform offers user registration, login, 
content posting, and social interactions, all with a 
wide variety of exploitable vulnerabilities. Featuring a 
wide range of security flaws, including SSRF, Command/ 
SQL Injection, Log4Shell, and Spring4Shell, Unguard 
challenges security professionals, developers, and 
students to identify, exploit, and understand these 
weaknesses. Simultaneously, the platform showcases 
deceptive elements, such as phony ads and profile 
management options, which further enhance the 
real-world experience offered by the demo. 


Audience: Offense, Defense 


SUCOSHSCANNY 


Mustafa Bilgici, Tibet Ógünc 
Friday August 11 from 10:00 — 11:55 in Caucus Boardroom, Forum 


SucoshScan is a automated open source SAST(Static 
Application Security Testing) framework. It’s can 
detect a lot of vulnerability(RCE, SSTI,Insecure 
Deserilisation, SSRESQLI,CSRF etc.) in given 

source code.For now, only the detection modules 

of python(flask,django) and nodejs(express js.) 
languages are finished. In the future, specific 
detection functions will be written for php 

(Laravel, Codeigniter), .NET, Go languages. 


Audience: Offense, Defence and AppSec 


KATALINA 

Gabi Cirlig 

Friday August 11 from 10:00 — 11:55 in Society Boardroom, Forum 
Android malware has long relied on basic string 
obfuscation techniques to make analysts suffer while 
reversing it. The current state of the art in mass 
string deobfuscation relies on two techniques. One 

of them is executing the sample and hoping to get 
some hits on the methods with the interesting strings, 
while the other is forking big bucks for some well 
known tools in the industry. Both the workload and 
the financial impact of these methods can severely 
impact an independent researcher's ability to tackle 
modern Android malware. My solution is simple: build 
an environment that can execute Android bytecode 
one instruction at a time. While the approach is not 
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new (Unicorn comes to mind), there is no such tool 
available for the Android ecosystem. This allows 
researchers to speed up their reversing efforts and 


tackle more intricate and advanced malware with ease. 


Audience: Mobile 


THE METASPLDIT FRAMEWORK 


Spencer Mcintyre 
Friday August 11 from 10:00 ~ 11:55 in Committee Boardroom, Forum 


Active Directory is the foundation of the infrastructure 
for many organizations. As of 2025, Metasploit has 
added a wide range of new capabilities and attack 
workflows to support Active Directory exploitation. 
This DEF CON demonstration will cover new ways to 
enumerate information from LDAP, attacking Active 
Directory Certificate Services (AD CS), leveraging Role 
Based Constrained Delegation, and using Kerberos 
authentication. The Kerberos features added in 
Metasploit 6.5 will be a focal point. The audience 

will learn how to execute multiple attack techniques, 
including Pass-The-Ticket (PTT), forging Golden/Silver 
Tickets, and authenticating with AD CS certificates. 
Finally, users will see how these attack primitives 

can be combined within Metasploit to streamline 
attack workflows with integrated ticket management. 
The demonstration will also highlight inspection 
capabilities that are useful for decrypting traffic and 
tickets for debugging and research purposes. 


Audience: Offense 


T3SF (TECHNICAL TABLETOP EXERCISES 
SIMULATION FRAMEWORK) 


Federico Pacheco, Joaquin 
Lanfranconi 
Friday August 11 from 10:00 — 11:55 in Council Boardroom, Forum 


T3SF is a framework that offers a modular structure 
for the orchestration of injects from a master 
scenario events list (MSEL) together with a set of 
rules defined for each exercise and a configuration 
that allows defining the parameters of the 
correspondent platform. The main module performs 
the communication with the specific module (Discord, 
Slack, Telegram, WhatsApp, Teams, etc.) which allows 
the events to be presented in the input channels 

as messages in the platform. It supports different 

use cases for single or multiple organizations. 


Audience: Defense & Incident Response. 


STRIX INTERCEPTOR 


Lexie Thach 
Friday August 11 from 10:00 — 11:55 in Unity Boardroom, Forum 


The development of unmanned aerial vehicles (UAVs) 
has revolutionized data collection, but security 
challenges have emerged. In response, Strix is a 
security testing UAV designed to intercept other UAVs 
in flight while adhering to legal limitations. It utilizes 
software analysis to detect and track unauthorized 
UAVS, predicting their flight path without compromising 
itself. Strix also encompasses ground-based support 
systems for enhanced mission effectiveness. The 
ground-based robots and drones can perform 

tasks such as reconnaissance, target identification, 
and data analysis to enhance the effectiveness of 
Strix's mission.The drone can detect RF anti-drone 
systems and, if identified, utilize multi-RF spoofing 
technology to disrupt or block their signals. This 
allows Strix to enter protected airspace undetected, 
while staying within legal bounds when required. Strix 
was designed to identify other UAVs and attempt to 
jam or possibly control their signals to their flight 
operators. Its hardware includes sensors, a robust 
communication system, and the Pixhawk autonomous 
flight module, which provides open-source flexibility 
and customization options.Strix's small and agile 
design enables high-speed flight and maneuverability 
in confined spaces. Advanced encryption ensures data 
security during collection and transmission. As an 
open-source project, Strix encourages customization 
and collaboration, making it an invaluable tool for 
securing airspace and mitigating UAV threats. Its 
interception capabilities and defensive measures, 
including multi-RF spoofing, contribute to UAV-driven 
security systems while respecting legal considerations. 
This makes it a powerful tool for securing airspace 

and preventing unauthorized UAVs from posing a 
threat. Its ability to detect and intercept UAVs in 
flight, coupled with its defensive capabilities against 
anti-drone systems, including the ability to employ 
multi-RF spoofing technology, makes Strix an essential 
component of any security system that relies on 
UAVs for data collection and analysis. Strix aims 
to showcase the potential of UAVs in a lawful and 
responsible manner, promoting safety, 
and ethical practices within the drone in 


Audience: | hope to attract other drone enthusiasts, 
aerospace industry professionals, and other a 
driven developers to my demo. 


BUILD INSPECTOR - A MODERN JAVERT 
ON THE TRAIL OF СІ/СО ANOMALIES AND 
INTRUDERS 


Jeremy Banker 
Friday August 11 from 12:00 — 13:55 in Caucus Boardroom, Forum 


In the ever evolving landscape of software 
development, maintaining the integrity and security 

of your build, test and deployment pipelines is 
paramount. Build Inspector is an always-watching 
guard dog, looking for information about the 
dependencies being consumed and produced, while 
also calling out instances of risky practices or potential 
signs of compromise during pipeline runs. Watch as the 
inspector turns piles of plaintext logs into structured 
data, perfect for automated analysis, correlation and 
alerting. With simple containerized deployment and 
self-documenting REST API, it has never been easier 

to ensure your build logs are always being watched. 


б j 
Audience: DevSecOps, Compliance, Threat Management, Vulnerability 
Management 


EKAT - PAYLOAD ENCRYPTIC MW 
ENVIRONMENTAL um i 


target s 
u Er 


DEMO LABS 


practice exploiting them and defenders can practice 
detection and prevention. CNAPPGoat is an extensible 
modular tool that deploys environments with more 
complex scenarios - vulnerable VMs, multi-stage 
lateral movement attacks, laC misconfigurations, 

and vulnerable IAM misconfigurations. 


SHUFFLECAKE, AKA TRUECRYPT ON 
STEROIDS FOR LINUX 


Shufflecake is a FOSS tool for Linux that allows 
creation of multiple hidden volumes on a storage 
device in such a way that it is very difficult, even 
under forensic inspection, to prove the existence 
of such volumes without the right password(s). You 
can consider Shufflecake a “spiritual successor” of 
tools such as Truecrypt and Veracrypt, but vastly 
improved: it works natively on Linux, it supports 
any filesystem of choice, and can manage multiple 
nested volumes per device, so to make deniability of 
the existence of these partitions really plausible. 


DRACON 


Dracon is an open-source Application and Cloud 
security automation framework that helps 
organizations create security workflows and improve 
their security posture. Dracon can run a wide range 
of security tools against any target, and it can 
deduplicate and enrich the results of those tools with 
contextual or regulatory information. Dracon can then 
send the enriched results to any visualization or data 
processing tool. Here are some of its key features: 
Automated security workflows: Dracon can automate 
the execution of security tools and the aggregation 
of results, which saves both time and effort. Scalable 
and flexible: Dracon is both scalable and flexible with 
a wide array of existing integrations and more on the 
way, Dracon integrates seamlessly with any exisitng 
toolset. Open source: Dracon is open-source platform, 
which means that it is free to use and modify. 
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FLOWMATE 


Imagine pentesting a large web application with 
hundreds of pages and forms, as well as user roles and 
tenants. You discover that your chosen username is 
reflected in many locations inside the application, but 
you don't have a detailed overview. You want to test 
whether the chosen username is handled properly or 
allows for injection attacks, such as Cross-Site Scripting 
or Server-Site Template Injection. Now you face the 
challenge of finding all locations where your payloads 
appear when injecting into the username. In large 
applications, you'll likely miss some, potentially leaving 
vulnerabilities undetected. This is where FlowMate 
comes into play, our novel tool to detect data flows in 
applications for enhanced vulnerability assessments. 
FlowMate consists of two components: A BurpSuite 
plugin and a data flow graph based on Neo4j. It 
records inputs to the application as you go through 
the pages exploring the application and searches for 
occurrences of the captured inputs in the responses. 
This results in a graph that can be visualized and 
searched for parameters of interest and where they're 
occurring on the site. Understanding the data flows of 
an application helps to significantly improve the test 
coverage and bring your pentesting to the next level. 


OWASP CRAPI: COMPLETELY RIDICULOUS 
API 


OWASP crAPI is an intentionally vulnerable API 
designed to teach and demonstrate common API 
security flaws. It serves as a playground for security 
enthusiasts, developers, and penetration testers to 
learn about API vulnerabilities and practice exploiting 
them in a safe environment. This Demo Lab will 
showcase the use of crAPI for educational purposes, 
including how to set it up, identify vulnerabilities, 
and apply secure API development best practices. 


VACUUM ROBOT HACKING 


In this demo I will show you can root various 
models of vacuum robots and disconnect them 
from the cloud. You have the chance to play around 
yourself with the tools and the rooted robots 


yourself. Learn why you should not trust your robots 
cameras and microphones. Pick up a free PCB that 
allows you to root your vacuum robot easily. 


GLYPH 


Reverse engineering is an important task performed 
by security researchers to identify vulnerable functions 
and malicious functions in IoT (Internet of Things) 
devices that are often shared across multiple devices 
of many system architectures. Common techniques 
to currently identify the reuse of these functions do 
not perform cross-architecture identification unless 
specific data such as unique strings are identified 
that may be of use in identifying a piece of code. 
Utilizing natural language processing techniques, 
Glyph allows you to upload an ELF binary (52 & 64 
bit) for cross-architecture function fingerprinting, 
upon analysis, a web-based function symbol table 
will be created and presented to the user to aid in 
their analysis of binary executables/shared objects. 


EVILNOVNC: NEXT-GEN SPEAR PHISHING 
ATTACKS 


EvilnoVNC is a Ready to go Phishing Platform. 
Unlike other phishing techniques, EvilnoVNC 
allows 2FA bypassing by using a real browser 
over a noVNC connection. In addition, this tool 
allows us to see in real time all of the victim's 
actions, access to their downloaded files and the 
entire browser profile, including cookies, saved 
passwords, browsing history and much more. 


ATTACK SURFACE FRAMEWOR 


Ike 


Qun room, Forum 


Attack Surface Framework(ASF) aims to protec 
organizations acting as an attack : surface N) 
watchdog. The Attack Surface Framewo | 
was im with ж) 
address v shes rough throu 
and tracking risks at scale, in 
and. adaptable approach, | 
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manage their public attack surface risks. ASF will 
auto-discover assets such as network subnets, domains 
including subdomains, enumerate their ports and 
services, track deltas and serve as a continuous and 
flexible, attacking and alerting framework, leveraging 
another layer of support. ASF provides modules for 
attack surface management including asset discovery 
and management, asset enumeration, vulnerability 
scanning, and vulnerability testing. ASF is equipped 
with a set of CLI tools and an API, enabling users to 
interact with the framework and integrate it with other 
tools and processes. Additionally, ASF includes a web- 
based user interface for visualizing an organization's 
attack surface and managing vulnerabilities. | 


OPENSSF SCORECARD 


0- 15:55 in Cau 


— 


Introducing Scorecard, an innovative open-source 
tool designed to secure the software supply chain 
by scanning over 1. 2) тіШоп аш repositories 


the process of evaluating ё al 
security best practices, assi 
on the results, The scores and di 
are readily accessible vi 


Audience: Offensive / Defensive / AppSec 


DEMO LABS 


LAMBDA LOOTER 


Doug Kent, Rob Ditmer 
Saturday August 12 fram 10:00 – 11:55 in Accord Boardroom, Forum 


Organizations can have thousands of lines of code 
that are stored in Lambda on AWS. This application 
was built to help reduce the amount of time it takes 
to review that code. On our last Pen Test, we had 

so much Lambda code to review it was impossible 
to parse through all of it in the short amount of 
time assigned to our test. This lack of time created 
a necessity to automate the review of that lambda 
code for secrets, Lambda Looter will take a list of 
profiles and scan through them and download the 
code you have access to and then process that code 
for secrets, outputting any potential secrets to a 
loot directory. Even though this tool can generate a 
number of false positives it makes looking for secrets 
much faster than scanning the code manually. 


Audience: Penetration Testers, Red Teamers, AWS Admins, AWS 
Developers, Threat Hunters 


THE WIFYDRA: MULTIHEADED RF 
PANOPTICON 


Lozaning 
Saturday August 12 from 10:00 – 11:55 in Society Boardroom, Forum 


The Wifydra is open source hardware and software used 
to locate wireless access points for wardriving. The 
project is a continuation of the work done previously 
by Mike Spicer (@d4rkm4tter) and his WiFi Cactus 
and Kraken. It's designed to be a low power and low 
cost modular way of simultaneously monitoring all 
2.4Ghz WiFi channels for AP beacons. By utilizing 
strictly off the shelf embedded components, the 
Wifydra is able to keep costs extremely low (-$90) 
and its footprint extremely small (250 square cm). 
More importantly, minimal power consumption is 
maintained, requiring only a USB C battery capable 
of putting out 10 watts. The Wifydra is modular in 
nature and supports a multitude of GNSS (Global 
Navigation Satellite System) options for location 
tagging. The ESP32-C5 for 5Ghz channel monitoring 
will also be supported once the hardware becomes 
available. The version of The Wifydra demoed consists 
of 14 ESP8266 called sub nodes, an additional ESP32 
called the dom node, SD card holder, GNSS module, 
OLED screen, as well as the Wifydra carrier board that 
connects all these components. The firmware, BOM, 
and gerbers are all available in The Wifydra's Github 
repo: https://github.com/lozaning/The Wifydra 


Audience: The target audience is anyone interested in Warllriving or RF 
Site surveys, as well as those looking to get started designing their first 
custom PCB 
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USBVALVE - EXPOSE USB ACTIVITY ON 
THE FLY 


Cesare Pizzi 
Saturday August 12 from 10:00 — 11:55 in Unity Boardroom, Forum 


USB spreading malware is still a concern today. Over 
the past few months, we have witnessed an increase 
in malicious software exploiting USB drives to bypass 
security measures, even in air-gapped systems. 
Whenever we connect our USB drive to an "untrusted" 
system, numerous doubts arise: what happens behind 
the scenes? Is something accessing, modifying, or 
encrypting our files? This is where USBvalve comes in. 
It is an affordable dongle, built using readily available 
hardware, designed to reveal the true activities 
occurring when a USB drive is connected to a system. 
It can also be used to check for "BADUSB" (HID) on 
USB keys before inserting them into our own systems. 
The best part is that it’s as compact as a keychain, 
making it convenient to carry with us at all times! 


Audience: Malware analysts, Digital Forensic investigator, Security 
Practitioners 


VEILID 


TC Johnson, Deth Veggie 
Saturday August 12 from 10:00 — 11:55 in Committee Boardroom, Forum 


Veilid is a new, distributed communication protocol 
developed by Cult of the Dead Cow's Dildog (of 
BO2K fame). This p2p, E2EE, distributed protocol 
is being released at DEF CON 51, fully open source, 
and with an example app called Veilid Chat. These 
demos will cover setting up an identity, connecting 
to others, deploying heavy nodes to support the 
network, and contributing to the project. 


Audience: Everyone, we're changing the world, cDe style 


LUPO: MALWARE IOC EXTRACTOR 
Vishal Thakur 
Saturday August 12 from 10:00 – 11:55 in Caucus Boardroom, Forum 


Lupo is a dynamic analysis tool that can be 
used as a module with the debugger. 


Audience: Defense, Malware Analysis, Reverse Engineering 


RED WIZARD: USER-FRIENDLY RED 
TEAMING INFRASTRUCTURE 


Ben Brücker 
Saturday August 12 from 12:00 — 13:55 in Committee Boardroom, Forum 


In this demo I will introduce our new open-source 

tool called Red Wizard. Red Wizard is the result of 
years of spinning up repeatable infrastructures for Red 
Teaming operations. It automates a comprehensive 
infrastructure deployment with redirectors, backend 


Audience: Weed Defense 


systems, phishing relays, OSINT machines etcetera. But 
made easy by providing wizards that walk you through 
the deployments. Additionally, the infrastructure is 
self-documenting, making the sharing of all relevant 
details to your team of operators a breeze. The tool 
is build to make sure to provide you with a resilient 
setup that is OPSEC-safe. By retrieving all critical key 
material from the deployed servers, you will be able to 
rebuild and keep receiving your shells even if one of 
your servers crashes and burns. The technology used 
for Red Wizard is mainly based on Ansible and Docker. 


Audience: Offense, Red Teamers, Penetration testers, Social Engineers 


KRAKEN, A MODULAR MULTI-LANGUAGE 
WEBSHELL FOR DEFENSE EVASION 


Raul Caro 
Saturday August 12 from 12:00 — 13:55 in Society Boardroom, Forum 


Kraken is a modular multi-language webshell 
focused on web post-exploitation and defense 
evasion. It supports three technologies (PHP, JSP 
and ASPX) and its core is developed in Python. 
Kraken follows the principle of “avoiding command 
execution” by re-implementing it through the 
functionalities of the programming language in 
use. Kraken seeks to provide usability, scalability 
and improve the OPSEC of ongoing operations. 


Audience: offensive (red team) and defensive (blue team and threat 
hunting) profiles 


ABUSING MICROSOFT SQL SERVER WITH 
SQLRECON 


Sanjiv Kawa 
Saturday August 12 from 12:00 — 13:55 in Caucus Boardroom, Forum 


SQLRecon helps address the ОА 
tooling gap by modernizing the approach red team 
operators can take when attacking SQL Servers. 

The tool was designed to be modular, allowing for 
ease of extensibility and contributions from the 
hacker community. SQLRecon is written in C# and 
is compatible stand-alone or within a diverse set of 
command and control (C2) frameworks € 
Nighthawk, Mythic, PoshC2, Sliver, : etc). 
latter, SQLRecon can be executed either 
through traditional fork and run. SQL as с 
50 modules which can help facilitate with enumer 
collection, code execution, privilege escalatio 
and lateral movement. It has been design | 


operational curity and defense evas 
| securi 3 ev 


BBOT (BIGHUGE BLS OSINT TOOL) 


TheTechromancer (Joel Moore), Paul 
Mueller 
Saturday August 12 from 12:00 — 13:55 in Accord Boardroom, Forum 


BBOT (Bighuge BLS OSINT Tool) is a new recursive 
OSINT scanner inspired by Spiderfoot, but designed 
and optimized for bigger targets and faster scan 
times. BBOT is open-source and written in Python. 

Its 80+ modules range in function from subdomain 
enumeration to cryptographic exploitation. BBOT 
can map the attack surface of an organization (and 
sometimes get you RCE) in a single command. | 
Features include: - multiple targets - 
automatic dependencies w/ ansible - python 
API - subdomain enumeration - email 
enumeration - cloud bucket enumeration - 
port scanning 
web screenshots 


Audience: BBOT is useful to both Offensi 
bounties) and Defensive (for attack su 
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DEMO LABS 


PCAPINATOR: RISE OF THE PCAP 
MACHINES 


Mike Spicer, Henry Hill 
Saturday August 12 from 12:00 — 13:55 in Unity Boardroom, Forum 


Pcapinator is a powerful and versatile network 
analysis tool that combines the strengths of TShark 
and Python to provide comprehensive and efficient 
packet deconstruction into a format usable for further 
analysis. Inspired by the Terminator, Pcapinator is 
designed to relentlessly analyze, decode, and filter 
network packets using all of the resources a system 
makes available to it, making it a formidable asset 
for diving deep into PCAPs. Leveraging the robust 
capabilities of Wireshark's TShark tool, Pcapinator 
parses and extracts vital information from pcap 

files, while Python's extensive libraries and scripts 
offer advanced processing and automation options. 
Pcapinator is built to handle extremely large PCAP 
files, search for anomalies in those files, and uncover 
the hard-to-find information in network traffic, 
making it an essential tool for PCAP analysis. 


Audience: Offense for Recon, Defense for threat identification and 
forensics. 


BLE CTF 


Ryan Holeman, Alek Amrani 
Saturday August 12 from 14:00 — 15:55 in Unity Boardroom, Forum 


BLE CTF is a series of Bluetooth Low Energy challenges 
in a capture the flag format. It was created to teach 
the fundamentals of interacting with and hacking 
Bluetooth Low Energy services. Each exercise, or 
flag, aims to interactively introduce a new concept 
to the user. Over the past few years, BLE CTF has 
expanded to support multiple platforms and skill 
levels. Various books, workshops, trainings, and 
conferences have utilized it as an educational 
platform and СТЕ As an open source, low cost of 
entry, and expandable education solution, BLE CTF 
has helped progress Bluetooth security research. 


Audience: Offensive & Hardware 


RULEPROCESSORY & GRAMIFY - RULE 
OPTIMIZATION & PASSWORD ANALYSIS 
TOOLS 


Niels Loozekoot 
Saturday August 12 from 14:00 - 15:55 in Caucus Boardroom, Forum 


The RuleProcessorY and Gramify tools are new tools 
that support password-cracking efforts. RuleProcessorY 
offers a method of optimizing hashcat rule-files so that 
you can prevent duplicates across multiple attacks 
better, leading to a shorter runtime. Additionally it 
can process rules as hashcat would with an additional 
support for multi-byte/multi-character rules (inserts 
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& replace primarily). Gramify offers an easy method 

to create base words and candidates to utilize with 
wordlist and combination attacks by splitting data 

by words, characters, or character-set. This can help 
with password phrases, quotes, sentences, combinator 
attacks, and extracting base-words from passwordlists. 


Audience: Offense 


THREATSCRAPER: AUTOMATED THREAT 
INTELLIGENCE GATHERING AND ANALYSIS 
FOR VIRUSTOTAL 


Aaron Morath, Dr. Scott Graham 
Saturday August 12 from 14:00 — 15:55 in Accord Boardroom, Forum 


VirusTotal serves as a popular platform for aggregating 
malware information submitted by Anti-Virus (AV) 
software providers, which can be searched using 
parameters such as hashes (SHA-1, SHA-256, MD5), 
file names, and malicious web links. In order to 
enhance and automate the process of malware 
intelligence gathering, we introduce ThreatScraper, 

a Python-based tool that automates free API queries 
and rescanning tasks on VirusTotal. ThreatScraper is 
designed to periodically request reports on specified 
files and save the results in a local database or Excel 
file. It allows users to pull and aggregate malicious 
file reports from multiple AV vendors over time, 
providing insights into the adoption of malware 
detection across providers. Easily implemented 

from any Windows command line, ThreatScraper 

can rescan a file, pull a report, and then sleep until 
the next designated time identified by the user. 


Audience: Offensive and Defensive Cyber 


PRÜJECTDISCOVERY NUCLEI 


Brendan O’Leary, Pj Metz 
Saturday August 12 from 14:00 — 15:55 in Council Boardroom, Forum 


Nuclei is used to send requests across targets based 
on a YAML template, leading to fewer false positives 
and providing fast scanning on a large number of 
hosts. Nuclei offers scanning for a variety of protocols, 
including ТСР. DNS, HTTP SSL, File, Whois, Websocket, 
Headless etc. With powerful and flexible templating, 
Nuclei can be used to model all kinds of security 
checks. Nuclei is a valuable tool for bug bounty 
hunters, pen testers, developers looking to add more 
security into their CI/CD pipelines, and more. 


Audience: Defense, Pentesters, Bug Bounty Hunters, and DevSecOps 


HARDHAT COMMAND & CONTROL 
FRAMEWORK 


Jonathan Owens 
Saturday August 12 from 14:00 - 15:55 in Committee Boardroom, Forum 


HardHat is a multi-platform, multi-user, .NET command 
and control framework written in C# designed to 

aid in red team operations and penetration testing. 
HardHat aims to improve the quality-of-life of 
operators by providing an easy-to-use but formidable 
C2 framework by incorporating robust features, 

ease of data access, and modern UI upgrades to 

a high-level language that is easily extensible. 


Audience: Offensive 


WEBSITE: HTTPS://DEFCON.ORG 

DEF CON MEDIA: HTTPS://MEDIA.DEFCON.ORG 
DEF CON GROUPS: HTTPS://DEFCONGROUPS.ORG 
DEF CON FORUMS: HTTPS://FORUM.DEFCON.ORG 


DEFCON.SOCIAL (MASTODON): HTTPS://DEFCON. 


SOCIAL 


ICS FORENSICS TOOL 


Maayan Shaul, Ori Perez 

Saturday August 12 from 14:00 — 15:55 in Society Boardroom, Forum 
Microsoft ICS Forensics Tools is an open source 
forensic toolkit for analyzing Industrial PLC 
metadata and project files. Microsoft ICS Forensics 
Tools enables investigators to identify suspicious 
artifacts on ICS environment for detection of 
compromised devices during incident response 

or manual check. Microsoft ICS Forensics Tools is 
open source, which allows investigators to verify 
the actions of the tool or customize it to specific 
needs, currently support Siemens S7 via Snap7. 


Audience: Defense, forensics folks, ICS/OT enthusiastic 


Е TWITTER: HTTPS://TWITTER.COM/DEFCON 


FACEBOOK: HTTPS://FACEBOOK.COM/ 
DEFCON/ 


© INSTAGRAM: HTTPS://WWW.INSTAGRAM. 
COM/WEAREDEFCON/ 


REDDIT-HTTP://WWW.REDDIT.COM/R/ 
DEFCON 


— 
@ 


DOWNLOAD THE PRESENTATION MATERIALS 
AND MORE FROM THE DEF CON MEDIA SERVER 


AT: 


HTTPS://MEDIA.DEFCON.ORG/DEF CON 31/ 
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VIZINDORS 


О Boardsource 


<“ CIGENT 


— Data Security that Works." 


ELECTRONIC 
FRONTIER 
FOUNDATION 


IBITSQUARED LLC 


https://lbitsquared.com 


1BitSquared’s mission is to provide high quality, cutting edge, affordable, 
Open-Source Hardware and Software for Embedded Hardware engineers 
and hackers. Our systems are designed for advanced hobbyists, as well as 
University and civilian research programs as well as educational programs. 


BIZARRE MAGIC INC. 


https://scamstuff.com 


Brian Brushwood, host of National Geographic’s Hacking the System, 
Discovery's Scam School, The Modern Rogue on YouTube, and most 
importantly: the podcast "World's Greatest Con.” We can't say why, but 
you should probably get caught up on that podcast before DEF CON. 


BOARUSRE LLC 


https://boardsource.xyz 


Boardsource offers custom mechanical keyboards and accessories for 
mechanical keyboard enthusiasts. With products ranging from DIY kits to 
premium aluminum boards, you're sure to find something that interests 
you whether you're new to the hobby or a seasoned veteran. 


CIGENT TECHNOLOGY, INC. 


https://www.cigent.com 


Cigent, leaders in data recovery and removal, have built a storage device (for laptops, 
desktops, external media) with built-in data security. The drive by default makes 

data “invisible” - unreadable at the sector level, requiring MFA and Cigent software 

to access the storage. Advanced key creation and storage methodology have been 
implemented making it virtually impossible(?) to access the key. Additionally there 

is a dedicated microprocessor that monitors for attempts to wipe or clone the 

drive, boot off of an alternate OS, or ransom the drive - the drive automatically 
protects the data if it is attacked. It also has full drive erasure with unique firmware 
verification that confirms every block was truly wiped. Oh and wait - there’s more...! 


DESIGNFLAW 


https://shadowvexindustries.com 


Purveyors of limited edition clothing, music, art, stickers and more. Unique 0-day 
swag just for DEF CON 31. Follow the music in the vending area to find our booth! 


ELECTRONIC FRONTIER FOUNDATION (EFF) 


https://eff.org 


EFF is the leading defender of online civil liberties. We promote 
innovator rights, defend free expression, fight illegal surveillance, and 
protect rights and freedoms as our use of technology grows. 


HACKER WAREHOUSE 


https: //hackerwarehouse.com/ 


HACKER WAREHOUSE is your one stop shop for hacking equipment. We understand the 
importance of tools and gear which is why we carry only the highest quality gear from 
the best brands in the industry. From RF Hacking to Hardware Hacking to Lock Picks, 
we carry equipment that all hackers need. Check us out at HackerWarehouse.com. 


HACKERBOXES 


https://hackerboxes.com/ 


HackerBoxes is the monthly subscription box for hardware hacking, DIY 
electronics, cybersecurity, and hacker culture. Each monthly HackerBox 
includes a carefully curated collection of projects, components, modules, 
tools, supplies, and exclusive items. HackerBox hackers connect online as a 
community of experience, support, and ideas. Your HackerBox subscription 
is like having a tiny hacker convention in your mailbox every month. 


HAKS LLC 


https://hak5.org 


Discover the devices that have found their way into the hearts and tool- 
kits of the modern hacker. Notable for ease of use. Celebrated by geek 
culture. From comprehensive WiFi audits to covert network implants 
and physical access mayhem - Hak5 Gear gets the job done. 


HOTWAN 


https://www.hotwan.com 


HotWAN is offering 3 main products: 
1) Video Jig (Prototype) - Protect the Human Against Intrusive Al 


2) Pen Test Assistant (rev 3) - Automation of Open Source Hacker 
Tools, Mind Maps, Manual Testing Aid for Red Teams and Penetration 
Testers. Now, Virtual Machine and Raspberry Pi4 options 


3) Boot Monkey (rev 2) - Wireless Robotic Finger for laptop's 
power button and anti- screenlocking mechanism 


KEYPORT, INC. 


https://www.mykeyport.com 


Keyport® combines keys, pocket tools, & smart tech into one secure everyday 
multi-tool. We will be selling our latest modular product line (co-branded DEF CON 
31 Editions) including the Keyport Pivot, Slide, Modules, Inserts, and accessories. 


MAR WILLIAMS 


https://ihate.art 


Mar Williams is DEF СОМ resident artist, created this year’s official DEF CON 
badge, and has had a hand in informing the aesthetic of the conference since 
DC17. You can find their art throughout the hallways, on DEF CON tshirts, 
stickers and other swag. Mar will have high quality, signed prints of their DEF 
CON art available, as well as a selection of other art, stickers, plushes, and 
vaguely cat shaped baubles. Follow @spuxo on IG or patreon.com/spux 


MISCREANTS LLC 


https://shopmiscreants.com 


Miscreants is creating clothing for hackers heavily influenced by 
streetwear and security culture, looking to document the past, 
present, and future of cybersecurity history. As a brand, we strive to 
deliver original pieces that belong in your closet for decades. 


Miscreants? 
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VILLAGE 2227 


MONERO DEVICES OU) 


Experience modern finance technology first hand by visiting the Cryptocurrency 
Hackers stand at the DEF CON vendor area. We distribute items relating to a 
number of projects including Monero, Bitcoin, Ethereum, and others. Show your 
cryptohacker colours with high quality wearables and custom badges. Try new 
devices and electronics, with access to the designers on site. Inform yourself 
of cryptocurrency science by exploring our infocard display rack. Our stand 

is your one stop shop for cryptocurrency hacker items and information. 


NETOOL LLC 


https://netool.io 


The netool.io Pro2, network engineering in your pocket. Connects to your 
iOS or Android device to detect a list of protocol including Tagged VLANs, 
CDP, LLDP DHCP and more. Configure switches by a press of a button. 


NO STARCH PRESS, INC 


https://nostarch.com 


No Starch Press has been publishing the finest in geek entertainment since 
1994. Come by to see our latest books, t-shirts and swag, and meet some 
of authors and our founder, Bill Pollock. Everything is discounted! 


NUAND LLC 


https://nuand.com 


Nuand is proud to join DEF CON this year and present new bladeRF products! 
Our versatile and high-performance bladeRF platform empowers researchers, 
developers, and security professionals to explore the wireless spectrum like 
never before. With capabilities that extend from radio-frequency analysis to 
security, our open-source ecosystem fosters innovation in radio communication 
and cybersecurity. Visit our booth to experience firsthand the power of 

bladeRF and meet our team of experts, who are passionate about providing 
the tools necessary to unlock new frontiers in wireless technology. 


PHYSSEC EDUCATION EDUCATION PHYSSEC 
(PHYSICAL SECURITY VILLAGE) 


https://physsec.org 


The Physical Security Village (formerly Lock Bypass Village) will be present in 

the vendor area too this year, loaded with physical hacking gear! We will have 
bypass tools, common keyed-alike keys, handcuffs, village swag, and more. We'll 
have hands-on exhibits in the Village area where you can go and try out your 
new toys right away, without ever leaving DEF CON! Whether you're new to 
hacking the physical world, or a seasoned pro, we're sure we'll have something 
for your needs (or at least... something you really want but totally don't need). 


All proceeds go towards the cost of putting on the village each year. 


SALTY SECURITY 


https://www.saltysecurity.com 


Salty Security offers uniquely themed and originally designed merchandise that 
caters to the hacker mindset and lifestyle. Come by our booth for all your sticker, 
apparel and tech gadget needs, or find us online at https://saltysecurity.com! 


SCIENCE & DESIGN, INC. 


https://scidsg.org 


Science & Design is a new non-profit that builds free and open-source, public- 
interest software and helps other non-profits do the same. Our members have 
worked on ubiquitous software, including OnionShare, DDoSecrets, CalyxOS, 
Signal, Riseup, and more. Stop by our booth to learn about our organization, get 
a free usability consultation for your software, and participate in user research! 


SLNT INC. 


https://sInt.com 


SLNT Faraday products empower humanity to reclaim their right to 
disconnect. Our effortless signal blocking gear fits into everyday 
routines, making navigating modern life safer and healthier. 


SPARROWS LOCK PICKS 


https://www.sparrowslockpicks.com 
Manufacturer of Lock Picks & COVERT ENTRY TOOLS 
With the largest selection of lock picks, covert entry and SERE tools available at 


DEF CON it's quaranteed we will have gear you have not seen before. New tools and 
classics will be on display and available for sale in a hands on environment. Our 


Product range covers Custom toolsets, Dimple picks, Disc Picks, Entry Tools, Practice 


locks, Bypass tools, Urban Escape & Evasion hardware and items that until recently 
were sales restricted. SPARROWS LOCK PICKS will be displaying a full range of gear 


including the newly released All Access bump keys, Dimple picks and The Monkey Paw. 
The “Folder” prototype will also be available for its first public viewing. All products will 


be demonstrated at various times and can be personally tested for use and Efficacy. 


SQUAREX PTE LTO 


SquareX presents "Hackers: Superheroes of the Digital Age" - a hacker comic 
book series that explores the often-misunderstood world of Hackers and Hacking. 
The series challenges the negative portrayal of hackers in mainstream media 

and showcases them as individuals who want to take on world problems with 

the one weapon they have — knowledge! Follow along as our protagonists 
navigate the complexities of being vigilante hackers and learn about the inner 
workings of real-life hacks. This thrilling series will have you on the edge of 

your seat, but beware: not everything goes as expected! Get a glimpse into 

the world of hacking and see these superheroes in a whole new light. 


STARTS LABS, INC 


https://start9.com 


Privacy and free speech are fundamental human rights and essential ingredients 
for a free society. Human history demonstrates that, when entrusted to 

others, these rights are invariably denied, resulting in great suffering. As such, 
it is necessary for individuals to protect their own privacy and right to speak 
freely. Fortunately, modern technologies, in the form of personal computers, 
encryption, and open, decentralized network protocols such as the Internet 

and Bitcoin, make this a real possibility. What is needed is a revolution in 
personal computing away from the current, hosted, custodial model that breeds 
dependency and corruption, towards a decentralized model, where individuals 
have absolute control over their data and communications. Start9 is empowering 
the community behind this movement with open source tools and education. 


[Square] 
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THE CALYX INSTITUTE 


https://calyxinstitute.org/ 


The Calyx Institute’s mission is to educate the public about privacy in digital 
communications and to develop tools that anyone can use. By embracing 
“privacy by design,’ we help make digital security and privacy more accessible 
to everyone. Members who support our nonprofit mission receive great 
membership perks like a hotspot with unlimited mobile data, a Pixel phone 
with CalyxOS privacy-focused operating system pre-installed, and more. 

Visit https://calyxinstitute.org/ or stop by our booth to learn more! 


THE OPEN ORGANISATION OF LOCKPICKERS 


https://www.toool.us/ 


The Open Organisation Of Lockpickers is back as always, offering a wide 
selection of tasty lock goodies for both the novice and master lockpicker! A 
variety of commercial picks, handmade picks, custom designs, practice locks, 
handcuffs, cutaways, and other neat tools will be available for your perusing 
and enjoyment! Stop by our table for interactive demos of this fine lockpicking 
gear or just to pick up a T-shirt and show your support for locksport. All sales 
exclusively benefit Toool, a 501(c)3 non-profit organization. You can purchase 
picks from many fine vendors, but ours is the only table where you know 

that 100% of your money goes directly back to the hacker community. 


THE OWASP FOUNDATION INC. 


https://owasp.org/ 


“The Open Web Application Security Project® (OWASP) is a nonprofit foundation 
that works to improve the security of software. Through community-led open- 
source software projects, hundreds of local chapters worldwide, tens of thousands 
of members, and leading educational and training conferences, the OWASP 
Foundation is the source for developers and technologists to secure the web.” 


THE SECOPS INC. 


https://secops.group/ 


The SecOps Group (https://secops.group) is a globally recognized IT security 
company having vast experience of providing cyber security consultancy and 
education services. Our core business comprises two units, consultancy and 
education. The SecOps Group offer CREST accredited security consultancy services 
and through our exams, we provide an authentic and credible certification 
program that is up-to-date and represents real life business risks. The SecOps 
Group also runs a free pentest learning platform called "Vulnmachines". 


Please see our booth at DEF CON and ask us how you can take a FREE exam. 


THE TOR PROJECT, INC. 


https://torproject.org 


The Tor Project is a nonprofit developing free and open source software to protect 
people from tracking, censorship, and surveillance online. Tor's mission is to 
advance human rights and freedoms by creating and deploying free and open 
source anonymity and privacy technologies, supporting their unrestricted availability 
and use, and furthering their scientific and popular understanding. Stop by our 
table to learn more, pick up some gear, and find out how you can get involved. 


WOMEN 
IN SECURITY 
AND PRIVACY 


https://www.wisporg.com 


WOMEN IN SECURITY AND PRIVACY S 


Women in Security and Privacy is a global non-profit committed to advancing women 
and underrepresented communities to lead the future of privacy and security. WISP's 
annual programming includes educational and skills workshops, mentoring and 
networking events, and career advancement and leadership training. WISP also 
provides stipends and scholarships for women and people from underrepresented 
communities to attend conferences and to receive training and certifications. 


XCAPE, INC. 


https://xcapeinc.com 


Pentesting products and services made by hackers for hackers. Cellular products LAPE 


and services for the sneakiest out of band connectivity on engagements. 


XXX.VPN 


https://www.vpn.xxx 


We all know the only VPN you can 100% trust is the one you setup yourself. 

The next best option is VPN.XXX! No accounts and no storage of personal 
information and no logging ever! Whether you're a hacker, security professional, 
or simply someone who wants to protect their personal information, our VPN 
client is the solution for you. Our VPN client also features a direct connection | | 
to the TOR network, qiving you even more options for anonymous browsinq. À 


HACKERS FOR CHARITY 


https://hackersforcharity.org/ ae 
Hackers for Charity’s mission is to provide technical cyber support to other non-profits | 
and charities. Our efforts focus on those organizations without internal help desks 

or other technical support. As a technical enabler, HFC empowers those non-profits 
and charities to succeed at their mission. HFC provides the breadth of cyber services 


and disaster relief, from basic help desk to threat hunting to incident remediation. 


EXHIBITORS 


CAPITOL CAPITOL TECHNOLOGY UNIVERSITY 


Technology University Silver Exhibitor 
www.captechu.edu 


Capitol Technology University (Capitol Tech), an esteemed non-profit institution, is a 
beacon of excellence in the realm of STEM-based learning. With an impressive roster of 
over 17 cybersecurity degree programs spanning bachelors, masters, and doctoral levels, 
Capitol Tech has consistently been at the forefront of cyber education for more than two 
decades. Our unique course offerings extend beyond the ordinary, as we are among the 
select few universities in the nation with programs in the niche fields of cyberpsychology 
and offensive cyber engineering. Our commitment to providing top-tier education has 
not gone unnoticed. The National Security Agency (NSA) and Department of Defense 
(DoD) have recognized us as a National Center of Academic Excellence in Cyber Defense 
(NCAE-CD), and we take pride in leading the CAE Northeast Regional Hub. With Capitol 
Tech, you are not just pursuing a degree; you're stepping into the future of cybersecurity. 


@captechu 
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Silver Exhibitor 
www.hackthebox.com 


Hack The Box is a leading gamified cybersecurity upskilling, certification, and talent 
assessment platform enabling individuals, businesses, government institutions, and 
universities to sharpen their offensive and defensive security expertise. Launched in 2017, 
Hack The Box brings together the largest global cybersecurity community of more than 
2M platform members and is on a mission to create and connect cyber-ready humans 
and organizations through highly engaging hacking experiences that cultivate out-of- 
the-box thinking. Offering a fully guided and exploratory skills development environment, 
Hack The Box is the ideal solution for cybersecurity professionals and organizations to 
continuously enhance their cyber-attack readiness by improving their red, blue, and 
purple team capabilities. Rapidly growing its international footprint and reach, Hack 

The Box is headquartered in the UK, with additional offices in Greece and the US. 


For more information, please visit hackthebox.com. 
@hackthebox_eu 


UNIVERSITY OF ADVANCING TECHNOLOGY 


Silver Exhibitor 


www.uat.edu 


University of Advancing Technology (UAT) is an intimate technology University 
focused on educating students in advancing technology who desire to innovate for 
our future. UAT is the technophile's college experience—a community uniquely suited 
to provide students passionate about technology an ideal place to live and grow. 


@UATedu 


ASCENT-PORTAL 


Bronze Exhibitor 


www.ascent-portal.com 


Ascent-Portal provides an automated governance, security, and compliance 
platform that simplifies risk management and streamlines compliance. With the 
Ascent-Portal platform's real-time compliance scoring, you can easily monitor 
your compliance posture and immediately identify areas for improvement, all 
while ensuring team accountability and reducing the compliance workload. 


BLACK HILLS INFORMATION SECURITY 


Bronze Exhibitor 
www.blackhillsinfosec.com 


Black Hills Information Security specializes in penetration testing, red teaming, threat 
hunting, Active SOC services, and educational webinars, workshops, and training. We 
take the knowledge we have and continue to learn through our engagements and share 
it with the overall information security community because we believe we're all better 
together. Also... the creators of the Backdoors & Breaches, incident response card game. 


@BHinfoSecurity 


LACEWORK 


Bronze Exhibitor 


! J LACEWORK 


www.lacework.com 


Lacework offers the data-driven security platform for the cloud and is the leading 
cloud-native application protection platform (CNAPP) solution. Only Lacework 

can collect, analyze, and accurately correlate data — without requiring manually 
written rules — across an organization's cloud and Kubernetes environments, 

and narrow it down to the handful of security events that matter. Security and 
DevOps teams around the world trust Lacework to secure cloud-native applications 
across the full lifecycle from code to cloud. Get started at www.lacework.com. 


@Lacework 


OPENVPN 


Bronze Exhibitor 


@) OPENVPN 


www.openvpn.net 


OpenVPN? is a leading global private networking and cybersecurity company that 
allows organizations to truly safeguard their assets in a dynamic, cost effective, 

and scalable way. OpenVPN solutions help organizations to easily create secure, 
virtualized, reliable networks that ensure secure communications between on-premise 
applications, SaaS applications, a remote workforce, business partners, loT/lloT devices, 
and specialized global applications. We offer two secure networking solutions for 
small, medium, and enterprise businesses. CloudConnexa™, our managed solution, 
provides secure communication between an organization's distributed workforce, 
loT/lloT devices, and the online services they rely on daily with a secure virtualized 
network. Access Server, our self-hosted solution, simplifies the rapid deployment 

of a secure remote access solution with a web-based graphic user interface and 
built-in OpenVPN Connect Client installer. Both allow you to secure your business 

at scale and provide a seamless experience for your team — no matter the size. 


@OpenVPN 


TRANSPORTATION SECURITY ADMINISTRATION 


Bronze Exhibitor 
www.tsa.gov 


Just like there’s more than one way to peel a banana, there’s myriad ways to 
protect a computer network. Cyber threats against the nation’s transportation 
system is increasing. The Transportation Security Administration — with support 
from the White House, the Cybersecurity and Infrastructure Security Agency and 
Congress - is hacking traditional cybersecurity policy to improve resiliency for the 
growing connected transportation sector. Attend DEF CON to learn more about 
how TSA is working differently in an effort to achieve better outcomes. Come to our 
booth for more about TSA and the future of cybersecurity in transportation. 


@TSA 
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THANK YOU! 


Thank you to the DEF CON HQ staff: Cayce, Cot, Darington, Janet, 
Jeff, Mar, Neil, Nikita, Tom and Will. 


It takes hundreds of Goons to organize DEF CON, and every year 
some join and some leave. I'd like to thank the following Goons who 
are retiring after 10 or more years, earning a Gold Badge and free 
attendance for life. Your hard work and spirit has helped make the 
Con what it is today! 


0x58 (13yrs) Parties Lead. 

Magen ( 12 yrs) Workshops Lead. 

Ahab (17 yrs) Senior Staff Dispatch Lead. 
Wednesday (10 yrs) Press Lead. 

Michael “Monster” Goetzman, (10yrs) Press. 
Paul Proctor (24 yrs), Senior Staff. 

Zantdoit (14Y) DC Villages Lead 


I would like to thank Mar, the Badge Designer for DEF CON 31, for 
helping take the non-electronic badge idea in a new direction with 
the idea of a transparent chamber and a tile format allowing for 
groups of people to create large patterns. 


Thank you to those behind the scenes: Our convention management 
team at Caesars, Jeff McNamara and our legal team at Perkins Cole 
and Matt Mertins for defending against the Chris Hadnagy lawsuit, 
Encore for our last minute requests, the Clark County Fire Marshall 
for approving our crazy floor plans, Black Hat for coordinating 

with us, our accounting firm and our insurance company, all the 
merchants we work with to purchase, ship, and store the items that 
make the conference possible. 


Finally I would like to thank everyone who supports DEF CON and 
the hacking community year round by attending and supporting 
conferences, researching, submitting talks, and creating the 
incredible experiences that make hacking such a dynamic and 
thriving international community. 


-The Dark Tangent 


DEF CON is only possible because of all the hard work from the 
people who make up departments: 


ARTS & ENTERTAINMENT: 

ChrisAM would like to thank everyone responsible for this year’s 
entertainment & decor: Krisz Klink, Great Scott, Zziks, dead, CTRL, 
stitch, davesbase, Miss Jackalope, chOwn35, Shoresy, strauberry, 
raypath, netik, xian, COnjur3r, HiveQueen, sven, Zebbler Studios, 
SomaFM, Imagine Stage Lighting, and all the DJs and artists who 
donated their time and talent to this event. 


CFP REVIEW: 

pwrack would like to thank The Dark Tangent, Nikita, Alex and the 
DC31 Content Reviewers for Talks and Workshops: AlxRogan, Ash, 
Beau Woods, carnalOwnage, Clavinger, Dead Addict, Deana, Dino C, 
effffn, Heisenberg, Jay Healey, Jon Green, LawyerLiz, Magen, Malware 
Unicorn, Marcia, Matt Wein, Medic, nOObz, RoRo, SecBarbie, Shaggy, 
Sinderz, Snow, solstice, Suggy, yan, zfasel and Zoz. 


CONTESTS: 


Grifter, Kaybz, and Secove would like to thank all the creators and 
coordinators who brought the multitude of contests and events at 
DEF CON 51 to life. The dedication, effort, and passion you pour 
into these events does not go unnoticed. Your contributions not 
only entertain the contestants, but enhance the overall atmosphere 
for all attendees, and yeah, you make us laugh too. A huge thank 
you to the C&E Goons—saltr, rugger, gomer, zero3, psychoticide, 
pOlr, CyDefe, V3rbaal, Н4г01а, vertighost, klrgrz, Drs@mWitch, and 
eli—for always going above and beyond to ensure that the contests 
and events are well-coordinated and executed flawlessly. We also 
extend our gratitude to the Dark Tangent, Janet, Darrington, Neil, 
and Will for providing leadership and guidance, your presence and 
support are truly appreciated. A massive thanks to Nikita, our ride 
or die, our always there, our voice of clarity...we can't possibly show 


80 


you how much we appreciate you, but we'll try. Lastly, to our fellow 
hackers, we love you more than you can imagine, thanks for coming 
out, and thanks for playing. Thank you, thank you, thank you! 


COMMUNITIES: 


Kevin, Hony, and Nikita would like to thank all of our communities 
for being such an amazing part of DEF CON! You bring a great 
perspective to the con and we are proud to give you the support 
you deserve, and help you boost your signal to the rest of the 
community. 


We'd also like to thank the Village, SOC, Exhibitor, and Vendor 
goons for providing boots on the ground to help support our 
communities! 


DESIGN AND DEFACEMENT: 


Drifter would like to give a big shout out to the Defacement Team: 
Medic, S4mGold, xaphan, BDA and pOsterboy for their momentous 
effort to keep you on track and aware of your surroundings. Huge 
thanks to Nikita, Sleestak and Mar for support on the printed 
program, and CotMan for getting all the details online. Finally, to all 
the department leads who got me everything I needed on time to 
make this book, it was tight, I know, but thank you. 


DEVOPS: 


Riverside and Fox would like to thank all of the DevOps goons: Ari, 
BSE, cstone, Lightning, mauvehed, mcmayhem, Nebberz, NightWolf, 
respondo, TCMBC, thephreak, VoltageSpike. A shout out to the 
Packet Hacking Village team for being the bot beta testers year 
round, 


DC KIDS: 

Nikita and Kevin would like to thank Bia, Heidi, and Hannah for 
being a fantastic Goon team, as well as all of our content creators 
for focusing on bringing kids content to DEF CON. These are the 
experiences that will shape the future for our younger attendees, 
and this content has been so wonderful! 


The DC Kids team would like to thank all of the DC Staff, but 
specifically Nikita, who has taken DC Kids on as her passion project. 
Without your support, none of this would have happened! 


DCTV: 


Thanks to all the members of the team: sandwlch, ghostpepper, 
robbinbs, Aleks, K£, BoolOrAnd, Tuna, skw33k, Videoman. 


DEF CON GROUPS: 

DEF CON Groups would like to thank Jayson, April, 800xl, and 
adam915 for their work during the previous year and welcome 
alethe, CylentKnight, d4rkm4tter, deviled 5989, Fyrew4ll, and 
gabsmashh to the team! 


A huge shout-out goes to our Virtual Reality (VR) event volunteers. 
The work done by AldeBaran, Charmander, Drip, Ferric, Giglio, 
hoodiePony, Scribbles, TX, and Xray helps extend the DEF CON 
experience to members of our hacker family from around the world 
who are unable to attend in person. 


We would like to recognize the time, effort, and energy each DCG 
invests into bettering our community. Every group is an example 

of the great things that can be done when we come together with 
endless curiosity and the willingness to share our knowledge for the 
benefit of all. 


Finally, a sincere thank you to DT, Nikita, Will, and Darington for 
their continued and unwavering support! 


DEMOLABS: 


Heisenberg would like to thank Medic, Phartacus and DT for help 
with the selection process, and a shout out to the Contest and 
Events Goons for help during the con. A big shout out to all the 
folks in the community who submitted demos for Demolabs - this 
could not happen without you! 


DISPATCH: 

RF and Asmodian X would like to thank the Dispatch Goons, both 
old - Ahab, Archangel, Fosgood, LOgIc, rixon, w00k, dymz, miggles, 
dirtclod, dil3ma, Offroad, Merg, Skyria, Goon22, and yosg - and 
new - Shrinkydink, Codex Maffia, Pooker, Knowbase, Zacperian, 
mylittlebrony, and Wob. 


EXHIBITORS: 

First and foremost, Kevin and Polybius would like to thank the DEF 
CON attendees for putting their faith in DEF CON to throw such an 
awesome event. And more specifically, for trusting us that we aren't 
just selling out; we are re-investing everything back into the Con. 
We want to thank our exhibitors for supporting our community 
through donations to non-profits, as well as our conference itself! 


Hack The Box 

University of Advancing Technology 

Capitol Technology University 

Ascent-Portal 

Black Hills Information Security 

Lacework 

OpenVPN 

Transportation Security Administration 

We'd also like to thank the Exhibitor Goons: log, Silicon Red, DAF, 
VVitchofthewoods, R3N, Donuts, AURO55, rook and Kronk. A special 


thank you to DT, Nikita, Janet, Will, Neil, Darrington, and the rest of 
the DEF CON staff. 


DEF CON SERVERS (FORUMS, MAIL, DEFCON.SOCIAL 
AND MORE): COTMAN 


The DEF CON Servers and I thank Jeff Moss Jeff for giving them 
meaningful purpose in service to DEF CON and the DEF CON 
Community. 


https://forum.defcon.org/ and I thank people from CVE-PTWDC-2025 
(Contests, Villages, Events, Parties, Training, Workshops, DemoLabs, 
Communities in 2023) for getting me the information needed 

to populate the forums with content about each: Nikita, Magen, 
Paydreaux, Zantdoit, Grifter, Bert, Heisenberg and all the organizers. 


https://info.defcon.org/ and I thank advice, aNullValue, derail, and 
l4wke for the work they do to make info available. 


The DEF CON Discord Bot Server and I thank DevOps team for their 
work: (See list of members from Riverside, earlier.) 


https://defcon.social/ and I thank moderators BLu3f0x, 
Buttersnatcher, Csp3r, Crash, CyberSulu, dvs, Junior, Log (Logkiller), 
mauvehed, Peej, polybius, Secove, Sparkles, TruBluFan (True) 


All the servers and I thank Cayce, Darington, Janet, Jeff, Neil, Nikita, 
Tom and Will; it is a pleasure to work with you all! 


Thanks to everyone working with each other to make DEF CON an 
enjoyable experience for all of us. :-) 


HACKERTRACKER 


aNullValue would like to thank the HackerTracker team (advice, 
derail, and I4wke) for their year-round contributions to improving 
the app. Enormous thanks to Nikita, Cotman, Neil, Pay Dreaux, 
Kevin, and qumqats, for their assistance in keeping all of the DEF 
CON conference content up-to-date. Special thanks to the NFO 
team, for helping us find many areas for improvement. Finally, thank 
you to the lead staff of each and every department and village for 
their cooperation and timely schedule updates. 


INHUMAN REG: 

Inhuman Registration Aster & Estebang, would like to thank Cstone, 
Undertaker, Will, Nikita, Janet, Wendy, KC, McMayhem, Cylon, 
50ph33 and all the department heads for putting up working with 
us. 


MERCH: 


Secret would like to thank all the Merch goons: Dasha, spiggy, 
Sudo Loak, themikeconnor, Zubion, Csp3r, LazyGamer, D200wlbear, 
theViking, gingerjet, 5kyf4ll, Oobleck, Heal, Wally, Nyx, GOnZul, 
gLoBuS, Old Man Katt, Endsu, H4zy, Furysama, Githur, T@raByt3, 
Alliepup, K4TT*BVTT, cillic, rudy, and Peej for all their hard work and 
all the other departments who make DEF CON possible! 


NOC: 

еп, mac and DEF CON would like to thank the hardworking NOC 
team for all they do for the con. Sparky, booger, CRV, cOmmiebstrd, 
Dpli, c7fi ve, Jon2, deadication, musa, wish, johntitor, MikeD, Toph 
and strange are not afraid of working long hours to get the network 
up and running and making sure it’s doing what's supposed to do 
throughout the conference. As usual, a huge thank you to Phil, 
Kevin, Mable and the whole Caesars IT and Encore staff for going 
above and beyond to make our lives easier. 


NFO: 

Littlebruzer and Littleroo would like to thank all of the NFO goons: 
Otter, 50Caliber, Aask, algorythm, Aqua, ArbitraryMonster, ARI, 
bertoe, BLu3f0x, brubach, Bufo Alvarius, Cheshire, Commrade, 
D1Gger, dLaw, Fr3nchie, Gaz, GTOdevildog, Hankashyyyk, Hop, 
jimi2x, Kiwi, Krav, madstringer, MajorMayhem, Mouse of Madness, 
Nav, Nil, Nymphaea Caerulea, PEZHead, Reloadrtr, rmshredz, 
S34MSTR3SS, S747IK, Sanchez, SchematicAddict, SScurl7yflrs7, 
Skittl5z, SmileFiles, Sparkle, TACSAT, TriggeredSloth, Viva, and 
Y2katie. 


The entire NFO team would like to thank DT, Nikita, Janet, Will, Neil, 
and the rest of the HQ team. Without your support, we would not 
have this great conference. 


Thank you humans for the interesting questions and allowing us to 
tell you where to go and how to get there. 


PARTIES: 

0x58 would like to thank all of the parties that make DEF CON 
nights better for everyone, and the meetups that bring people 
together face to face while in Las Vegas. Nikita and Janet, couldn't 
do it without you! And a thanks to my small team of boots on the 
ground: Rickglass, s5gfault, sylv3on_, and Sage! 


PHOTO: 
Cannibal would like to thank ASTcell, InfoSystir, AJ702, Silk, and 
Gourry for making up the photo corps goons and all the work they 
put in to documenting the shenanigans that occur at DEF CON every 
year. We would also like to thank everyone that helps put DEF CON 
together and especially the attendees...they keep things weird in 
order for us to have plenty of interesting pictures! 


PLANNING (NIKITA): 
I want to give thanks to everyone, there are a lot of go 
me succeed in planning DEF CON, thank you friends. 
year i'd like to use my section to thank someol 
year. 20 yrs ago I was given my first goon 
Roamer. І don't know the first thing he s 
laced with profanity, vaporized in a clouc 
with a hearty laugh. I do know the 
you too". I'm thankful for that and. 
shenanigans and f*cks he да 
thankful for knowing him. 


make last decades. I'm. 
and what's to come. 


THANK YOU! 


Janet, William Leonard, Neil, Wednesday, Pay Drough. And especially 
everyone in the hacker and public policy communities who act as 
voices of reason, collaborating together toward common goals. 


PRESS: 


Monika and Wednesday wish to extend their appreciation for all the 
journalists, bloggers, and podcasters who contribute to & document 
our community experiences every year. A special thanks to the Press 
Goons who make it all possible: Claire, Jeff, and Kody. 


PRODUCTION: 


Thanks to the Production Team members Janet, Ira, and Sparkles for 
their tireless efforts. Thank you, Delchi, for your help with HDA and 
Charel, Sven, and Hivequeen for the Memorial. Janet would like to 
thank all of you, department leads, goons, and everyone in between. 
Without you, this could not happen. 


QUARTERMASTER: 


Quartermasters Stores is (are?) both sad and happy to announce 
that our beloved ETA, Humper of Pelicans for the last 15 years, is 
moving on... Sad because we'll miss his humping skills and style, 
but happy because he will still be here at DEF CON in a new and 
mysterious role (and that’s how we like our roles). It also means 
that Buttersnatcher (Butters) can step up and fill his shoes with 
some very special Canadianishness. Congratulations Butters and 
Bobspeed ETA! We are also very grateful to, in no particular order 
(actually there is - it’s the speed at which they can fetch a donut), 
The Saint, Cell Wizard, SunSh1ne, sp1kedshell, Buttersnatcher, 
shell-e, YoungBlood, Q, Drimacus, alizarinMegalodon, Helium, 
SP3ZN45, seven, AWildBeard, ahlana, Pthamm, Multigrain, Sisu aka 
RS, Nanook, Muffin & Major Malfunction (MM is surprisingly quick 
with a donut but it will probably be consumed before it gets to you, 
so last place anyway). As always, we are doubly grateful for Janet, 
Nikita and all the Goons, villages, vendors and Humans that make 
DEF CON our favourite summer camp and keep our shiny shiny and 
our 5v within the range 4-6v. Party On! 


REGISTRATION: 

cstone from Human Registration would like to thank everyone on 
SOC; QM; Swag; IHR; the Admin team; and the reg goons: Ox90ebfe, 
Amlazar, Chimera, Crackerjack, funnyguy, holmestrix, indigo, 
Jup1t3r, Model-A, Phear, Pozer, Premio, Prophet, qumqats, Temtel, 
Undertaker, and wralth. 


SOC: 

Cjunky and tacitus would like to thank: duckie, Heylel, Sif, 

Amber, 4UROR4, dr.kaos, DoktorMayhem, Sonicos, Strider, Priest, 
HoneyBadger, polish dave, RadioActive, StellarDrift, LabRat, anna, 
Mouse, Yaga, Brlck, Infojanitor, Quiet Mike, 4chtung, Scrimshaw, 
ЈВопе, JohnD, LasOmbra, BMP51, SynMac, NextInLine, Randy . 
Waterhouse, SAGE, Mr. M, Zerorez, Si, nohackme, YT, Kitty Hegemon, 
Spedione, TBD, Siviak, arcon, skroo, AdaZebra, Hattori Hanzo, 
Havoc, Alice Kalli, MOrph1x, Kitty, g33kspeed, Psychofox, Our Lady 
of Chaos, Red, whiskey, Derp, Phat_Hobbit, shuu, Binarywishes, 
nesquik, nlcfury, m0, FANNY, Sumdunce, Glasswalk3r, zombie, Zulu, 
milkyline, Major Faz, MIM, stan, OlFhax, Or3gOn V1x3n, George, 
SysTm_Ov3rLo4d, cyberkrinn, prOph37, ZephrFish, thOm4s, Drfed, 
Cocktail, nerves, WhiteBrd, randOh, Andi, pixar, wilnix, Junior, 
CarpeDiem, deelo, Sami, sl3dge, SomeNinja, L4bFOx, n3x7, Krassi, 
Nothingness, stealth, AlphaKilo, Thirsty Goat, Wreaktifier, do2er, 
WHITE CHRIS, JustLuke, Lordi, Wham, q00dn1t3, Sienna, wasted, 
cymike, zerofux, Arc, Redoubt, precOre, Echosixx and all retired SOC 
Goons. Pax Per Imperium. 


SOCIAL MEDIA: 


Darington wishes to thank the intrepid video team for their tireless 
efforts to share the DEF CON experience with our friends in the 
social media universe. Thanks to Ali, STARES, Silk, and Nahamsec 
for their energy and enthusiasm. Thanks to the creators for 
welcoming this new initiative. 
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SPEAKER OPS: 


pwcrack would like to thank the Speaker Operations staff for another 
year of great service to DEF CON and its speakers. These goons are 
$hadOw, CLI, Crash, dROM, flattire, д8, gattaca, goekesmi, Jinx, 
jurist, Jutral, kampf, manchmod, Milhouse, Mnky, notkevin, P1bb13, 
Pardus, Pasties, phliKtid, Proctor, roundRiver, SIGAD, squirrel, Stikk, 
surrealKill3r, Tinkers, TruBluFan, Vaedron and, as always, AMFYOYO! 


VENDORS: 


Kevin and Fivepenny would like to thank the vendor goons, 
Brooklynn, Hannah, hexyll, Professor Roger, and PugLady. We could 
not have done it without you guys. To the vendors who were super 
with awesome stuff and to the attendees for buying that stuff, you 
guys rock. Thanks to all the DEF CON departments. And, of course, 
thank you, Janet, Nikita, DT, and all of the DEF CON staff! 


VILLAGES: 


Hony and Paydreaux would like to thank Zant during this transition 
year as we took over in co-lead roles. Additionally we'd like to 
extend special thanks to F4ux for her support as a second, as well 
as Nikita and Janet for everything they do to make DEFCON a reality 
each year. BIG thanks to DVS for taking care of the village stage 
coordination as well as the Discord... keeping them up to date and 
organized. Hony, Paydreaux, F4ux, and the village team want to 
thank all the Village leads and organizers for everything they do 

to make DEF CON a huge success by bringing great villages and 
content here, for us to experience. Thanks to DEVOPS for getting 
all the village channels organized up and running! Thanks to Kevin 
from Vendor/Exhibitor for helping to line up additional support for 
various villages enabling their content and parties! Thanks: config, 
brOOzer, zant, Griff, Hunny, margraf, Sven, Raze, nOOb, Kamikze, 
fl3xOr, Yeti, dvs, k4sp3r h4us3r, Aragorn, Zachadakka, Monster, 
Angel. THANKS for all your time, help, and hard work!!! Villages 
would not be possible without 


WORKSHOPS: 


Sinderz and Magen would like to thank our tireless Workshop goons: 
integgroll, lawyerliz, binarybuddah, mav, PlllOwz, Jenn and Joel 
Cardella, Chrissy, Fallibile, RandomInterrupt, and d3ada55. We also 
want to thank the Workshop Review Board, and the instructors who 
bring their energy to the classrooms. Thank you for sharing your 
expertise. We also want to give a huge hat tip of appreciation for 
the amazing folks and all the work they do that goes into making 
DEF CON happen every year. DT, Nikita, Janet, Will, Neil, Darrington, 
Mar, QM, NOC, and SOC; thank you all for all the efforts both before, 
during and after the con. 


- — x 
MEGASUPERSTORE 


